What is CVE-2021-35587?

CVE-2021-35587 is a critical vulnerability in Oracle Access Manager that allows unauthenticated attackers to take over the service. Organizations should prioritize patching immediately to mitigate risks.

What is the severity of CVE-2021-35587?

CVE-2021-35587 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2021-35587 | Critical Vulnerability in Oracle Access Manager

Q: Is CVE-2021-35587 in CISA KEV?

Yes. CVE-2021-35587 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2021-35587 is a critical vulnerability affecting the Oracle Access Manager product of Oracle Fusion Middleware. This vulnerability allows unauthenticated attackers with network access via HTTP to compromise the Oracle Access Manager. It has a CVSS 3.1 Base Score of 9.8, indicating severe impacts on confidentiality, integrity, and availability. The supported affected versions include 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. Organizations should prioritize patching immediately to mitigate risks.

Successful exploitation of this vulnerability can lead to complete takeover of the Oracle Access Manager, affecting organizations' security posture significantly. As this vulnerability is easily exploitable, it is crucial for security teams to take immediate action.

This vulnerability has been analyzed as critical, with an exploitability score indicating a high likelihood of being targeted. The urgency for defenders to act cannot be overstated, given the potential for unauthorized access and data breaches.

Organizations are encouraged to apply updates as per vendor instructions to secure affected systems. The risk to organizations includes unauthorized access, data loss, and damage to reputation.

Vulnerability Details

The vulnerability is classified under CWE-306, which pertains to missing authentication for critical functions. As noted earlier, the CVSS 3.1 Base Score is 9.8, indicating a critical severity level. The vulnerability impacts Oracle Access Manager, specifically versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0, and was published on January 19, 2022.

Technical Analysis

The root cause of this vulnerability lies in the OpenSSO Agent component of the Oracle Access Manager. The attack vector is network-based, allowing attackers to exploit this vulnerability remotely without requiring user interaction. The attack complexity is low, and no privileges are required for exploitation.

The impacts of a successful attack are severe, as it can lead to high confidentiality, integrity, and availability impacts. Security teams must monitor for indicators of exploitation actively.

Risk & Impact Analysis

Risk to organizations includes unauthorized access, data loss, and overall compromise of security systems. The blast radius for this vulnerability is substantial, impacting multiple versions of a critical access management product.

Given the CVSS score of 9.8 and its presence in the Known Exploited Vulnerabilities (KEV) catalog, organizations should address this vulnerability in their priority patch cycle.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The affected versions of Oracle Access Manager include 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. Organizations should ensure that they are running the latest patched versions to mitigate the risks associated with this vulnerability.

Mitigation & Remediation

Organizations should apply the latest updates provided by Oracle to mitigate this vulnerability. Recommended actions include checking for the latest version of Oracle Access Manager and implementing necessary patches as detailed in the vendor's advisory. If a patch is unavailable, organizations should consider configuration hardening and network controls to limit exposure.

Additionally, organizations may benefit from engaging in security assessments such as penetration testing to identify similar vulnerabilities in their systems.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual access patterns, particularly from unauthenticated sources. Behavioral anomalies and unauthorized changes to the Oracle Access Manager system should also be flagged. Implementing network signatures can help identify malicious traffic targeting the affected components.

AppSecure Threat Intelligence Insight

CVE-2021-35587 represents a significant threat to organizations using Oracle Access Manager. This vulnerability highlights the importance of maintaining up-to-date software and the need for proactive security measures. Security teams should learn from this incident to enhance their overall security posture and consider implementing a comprehensive vulnerability management program to better detect and mitigate similar vulnerabilities in the future. Furthermore, they should consider adopting a penetration testing methodology to validate the effectiveness of their security controls.

Finally, engaging in API penetration testing can provide insights into potential weaknesses within the access management infrastructure.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-35587: Critical Vulnerability in Oracle Access Manager