1. Summary

Vulnerability Name: Oracle Access Manager Remote Code Execution Vulnerability (CVE-2021-35587)

Release Time: March 22, 2022

Component Name: OpenSSO Agent

Affected Versions:
- Oracle Access Manager 11.1.2.3.0
- Oracle Access Manager 12.2.1.3.0
- Oracle Access Manager 12.2.1.4.0

Vulnerability Type: Remote Code Execution

Exploitability:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None

Impact:
- Severity: CVSS v3 Base Score 9.8 (Critical)
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

2. About CVE-2021-35587

2.1 Introduction

Oracle Access Management Access Manager (Access Manager) was formerly the standalone product named Oracle Access Manager. Access Manager provides the Oracle Fusion Middleware single sign-on (SSO) solution.

2.2 Summary

On March 23, 2022, Sangfor FarSight Labs received a notice about a remote code execution vulnerability in Oracle Access Manager (CVE-2021-35587), classified as critical with a CVSS Score of 9.8.

This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful exploitation can result in takeover of Oracle Access Manager.

3. Affected Versions

Oracle Access Manager 11.1.2.3.0

Oracle Access Manager 12.2.1.3.0

Oracle Access Manager 12.2.1.4.0

4. Solutions

4.1 Remediation Solutions

Oracle has released a patch for affected versions to fix this vulnerability. Please download the patch corresponding to the affected version from the following link: https://www.oracle.com/security-alerts/cpujan2022.html

4.2 Sangfor Solutions

4.2.1 Security Monitoring

The following Sangfor products and services perform real-time monitoring of assets affected by the Oracle Access Manager remote code execution vulnerability (CVE-2021-35587):

4.2.2 Security Protection

The following Sangfor products and services provide protection against the Oracle Access Manager remote code execution vulnerability (CVE-2021-35587):

5. Timeline

On March 23, 2022, Sangfor FarSight Labs received a notice about the Oracle Access Management vulnerability (CVE-2021-35587).

On March 23, 2022, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.

6. Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-35587

https://www.oracle.com/security-alerts/cpujan2022.html

7. Learn More

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.
