## https://sploitus.com/exploit?id=27AD78EB-7B32-58E2-B2B6-6DFA709576AB
* CVE-2021-35587
--------
** Description
- POC for CVE-2021-35587: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
- Created by antx on 2022-03-14.
--------
** Detail
- Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent).
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
- Successful attacks of this vulnerability can result in takeover of Oracle Access Manager.
--------
** CVE Severity
- attackComplexity: LOW
- attackVector: NETWORK
- availabilityImpact: HIGH
- confidentialityImpact: HIGH
- integrityImpact: HIGH
- privilegesRequired: NONE
- scope: UNCHANGED
- userInteraction: NONE
- version: 3.1
- baseScore: 9.8
- baseSeverity: CRITICAL
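The metrics above can be fed back through the CVSS v3.1 base-score equations to confirm the 9.8 listed. The following Python is an added example, not part of the original PoC repository; it implements the FIRST v3.1 base-score formulas and takes the NVD-style metric names from this section as input.

```python
import math

# CVSS v3.1 base-metric weights from the FIRST specification (section 7.4),
# keyed by the NVD-style values used in this README's "CVE Severity" section.
AV = {"NETWORK": 0.85, "ADJACENT_NETWORK": 0.62, "LOCAL": 0.55, "PHYSICAL": 0.20}
AC = {"LOW": 0.77, "HIGH": 0.44}
UI = {"NONE": 0.85, "REQUIRED": 0.62}
CIA = {"HIGH": 0.56, "LOW": 0.22, "NONE": 0.0}
PR = {"NONE": (0.85, 0.85), "LOW": (0.62, 0.68), "HIGH": (0.27, 0.50)}  # (scope U, scope C)

def roundup(x: float) -> float:
    """v3.1 Roundup: smallest one-decimal value >= x, done in integers to avoid float drift."""
    i = round(x * 100000)
    if i % 10000 == 0:
        return i / 100000.0
    return (math.floor(i / 10000) + 1) / 10.0

def severity(score: float) -> str:
    """Qualitative rating bands from the v3.1 specification (section 5)."""
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"

def base_score(m: dict) -> tuple:
    """Return (base score, severity) for a dict of NVD-style v3.1 base metrics."""
    changed = m["scope"] == "CHANGED"
    iss = 1 - (1 - CIA[m["confidentialityImpact"]]) * (1 - CIA[m["integrityImpact"]]) * (1 - CIA[m["availabilityImpact"]])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    exploitability = 8.22 * AV[m["attackVector"]] * AC[m["attackComplexity"]] * PR[m["privilegesRequired"]][int(changed)] * UI[m["userInteraction"]]
    if impact <= 0:
        return 0.0, "NONE"
    total = 1.08 * (impact + exploitability) if changed else impact + exploitability
    score = roundup(min(total, 10.0))
    return score, severity(score)

# The metrics exactly as listed in the "CVE Severity" section of this README.
CVE_2021_35587 = {
    "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE",
    "userInteraction": "NONE", "scope": "UNCHANGED",
    "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH",
}

if __name__ == "__main__":
    print(base_score(CVE_2021_35587))  # (9.8, 'CRITICAL')
    # Same flaw but requiring a low-privileged account: shows what "privilegesRequired: NONE" adds.
    print(base_score({**CVE_2021_35587, "privilegesRequired": "LOW"}))  # (8.8, 'HIGH')
```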
--------
** Affected versions
- Access Manager
  - 11.1.2.3.0
  - 12.2.1.3.0
  - 12.2.1.4.0
--------
** POC
- [[./CVE-2021-35587.py][Poc]]
--------
** Reference
- Ref-Source
  - [[https://testbnull.medium.com/oracle-access-manager-pre-auth-rce-cve-2021-35587-analysis-1302a4542316][Oracle Access Manager pre-authentication Remote Code Execution CVE-2021-35587]]
  - [[https://github.com/cckuailong/reapoc/blob/4eb15938ed9f44aa7db47fdbb88bc45f556b02bb/2021/CVE-2021-35587/poc/nuclei/CVE-2021-35587.yaml][Nuclei POC <CVE-2021-35587>]]
- Ref-Risk
  - [[https://nvd.nist.gov/vuln/detail/CVE-2021-35587][NVD<CVE-2021-35587>]]
- CVE
  - [[https://github.com/CVEProject/cvelist/blob/master/2021/35xxx/CVE-2021-35587.json][CVE-2021-35587]]
  - [[https://nvd.nist.gov/vuln/detail/CVE-2021-35587][NVD<CVE-2021-35587>]]
- Ref-Poc-Engine
  - [[https://github.com/antx-code/pocx][pocx]]