A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its ?Known Exploited Vulnerabilities (KEV) Catalog. About CVE-2021-35587 CVE-2021-35587 was discovered by security researchers “Jang” (Nguyen Jang) and “Peterjson” in late 2021 by accident, while “building PoC for another mega-0day.” The vulnerability is in the OpenSSO Agent … More
The post Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587) appeared first on Help Net Security.