Oracle Fusion Middleware Unspecified Vulnerability
Exploit or POC: Yes (Actively Being Exploited)
Description: CVE-2022-35587 allows Oracle Access Manger to be easily compromised. Authentication and user interaction is not required for successful exploitation. An attacker with network access via HTTP can employ a series of attacks to evoke an account takeover of the Oracle Access Manager.
Mitigation recommendation: Patching is currently the only method of mitigation
RedLegg Action: None at this time.