CVE-2021-35587 — AI Deep Analysis Summary

🚨 **Essence**: Oracle Fusion Middleware has a critical flaw in the **OpenSSO Agent**. <br>💥 **Consequences**: Attackers can execute **arbitrary code** remotely.…

🛡️ **Root Cause**: **Incorrect Input Validation** within the OpenSSO Agent component.…

🏢 **Affected Vendor**: Oracle Corporation. <br>📦 **Product**: Oracle Fusion Middleware (specifically **Access Manager**). <br>📅 **Versions**: 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. If you run these, you are at risk!

💀 **Attacker Capabilities**: <br>✅ Execute **Arbitrary Code** on the target server. <br>✅ Gain **Full Control** (High Impact on Confidentiality, Integrity, and Availability). <br>✅ No authentication required!…

⚡ **Exploitation Threshold**: **EXTREMELY LOW**. <br>🌐 **Network**: Accessible via HTTP. <br>🔑 **Auth**: **Unauthenticated** (No login needed!). <br>🎯 **Complexity**: Low (Easy to exploit).…

💣 **Public Exploits**: **YES**. <br>🔗 Multiple PoCs are available on GitHub (e.g., `antx-code/CVE-2021-35587`, `ZZ-SOCMAP/CVE-2021-35587`). <br>🤖 **Automation**: Nuclei templates exist for mass scanning.…

🔍 **Self-Check Methods**: <br>1. **Scan**: Use Nuclei templates (`http/cves/2021/CVE-2021-35587.yaml`). <br>2. **Verify**: Check if your Oracle Access Manager version matches the affected list. <br>3.…

🩹 **Official Fix**: **YES**. <br>📢 Oracle released a security alert in **January 2022** (CPUJan2022). <br>🔗 Reference: `https://www.oracle.com/security-alerts/cpujan2022.html`.…

🚧 **No Patch? Workarounds**: <br>1. **Network Segmentation**: Block external HTTP access to the OpenSSO Agent. <br>2. **WAF Rules**: Implement strict input validation rules to block malicious payloads. <br>3.…

🚨 **Urgency**: **CRITICAL / IMMEDIATE ACTION REQUIRED**. <br>📉 **Priority**: P1. <br>⏳ **Reason**: Unauthenticated RCE with public PoCs. Do not wait. Patch now or isolate the system from the internet immediately.