REDLEGG BLOG

Emergency Vulnerability Bulletin - 11/29/22

11/29/22 10:36 AM  |  by RedLegg Blog

Oracle Fusion Middleware Unspecified Vulnerability

Identifier: CVE-2022-35587

Exploit or POC: Yes (Actively Being Exploited)

Update: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html

Description: CVE-2022-35587 allows Oracle Access Manger to be easily compromised. Authentication and user interaction is not required for successful exploitation. An attacker with network access via HTTP can employ a series of attacks to evoke an account takeover of the Oracle Access Manager.

Mitigation recommendation: Patching is currently the only method of mitigation

RedLegg Action: None at this time.

 

 

Get Blog Updates

Related Articles

Emergency Vulnerability Bulletin - 02/06/23 threat intel, 96bravo, Bulletin

Emergency Vulnerability Bulletin - 02/06/23

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Emergency Vulnerability Bulletin - 01/13/23 threat intel, 96bravo, Bulletin

Emergency Vulnerability Bulletin - 01/13/23

About: RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide ...
Critical Security Vulnerabilities Bulletin