CVERadar

CVE-2021-35587

Severity: Critical
Vendor: Oracle
SVRS: 94/100
CVSSv3: 9.8/10
EPSS: 0.94148/1

CVE-2021-35587 is a critical vulnerability in Oracle Access Manager allowing complete system takeover. This Oracle Access Manager flaw affects versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0, posing a serious security risk. With an SVRS of 94, this vulnerability is considered critical, demanding immediate patching and mitigation. The vulnerability allows an unauthenticated attacker with network access via HTTP to fully compromise the Oracle Access Manager, leading to a complete takeover. Given the existence of active exploits, organizations using affected versions must prioritize patching to prevent unauthorized access, data breaches, and severe operational disruptions. The high CVSS score and SVRS highlight the urgent need for immediate action to address this easily exploitable vulnerability.

CISA KEV
In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-01-19

2025-03-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

| Title | Software Link | Date |
| --- | --- | --- |
| antx-code/CVE-2021-35587 | https://github.com/antx-code/CVE-2021-35587 | 2022-03-14 |
| WhooAmii/POC_to_review | https://github.com/WhooAmii/POC_to_review | 2022-11-25 |
| Vulnerability in the Oracle Access ... | https://www.cisa.gov/known-exploited-vulnerabilities-catalog | 2022-11-28 |
| soosmile/POC | https://github.com/soosmile/POC | 2022-06-21 |
| Ostorlab/known_exploited_vulnerbilities_detectors | https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors | 2022-04-19 |
| Oracle Fusion Middleware Unspecified Vulnerability | https://www.cisa.gov/search?g=CVE-2021-35587 | 2022-11-28 |
| nomi-sec/PoC-in-GitHub | https://github.com/nomi-sec/PoC-in-GitHub | 2019-12-08 |

News

Oracle Hack: From ‘Deny-Deny-Deny’ to ‘Oops-Oops-Oops’
Richi Jennings, 2025-04-04
Classic “wordplay:” Larry’s PR angels desperately dance on the head of a pin. The post Oracle Hack: From ‘Deny-Deny-Deny’ to ‘Oops-Oops-Oops’ appeared first on Security
securityboulevard.com

ISC StormCast for Wednesday, November 30th, 2022
Dr. Johannes B. Ullrich, 2022-11-30
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. LinkedIn Bots; Oracle Fusion Exploited; Windows IKE Exploit; Anker Eufy Privacy; SANS Holiday Hack Challenge
LinkedIn Bots https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282
Oracle Fusion Middle Ware Exploited CVE-2021-35587 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Windows IKE Flaw Exploited CVE-2022-34721 https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis/
Anker Eufy Cameras
sans.edu

IAM Whoever I Say IAM :: Infiltrating VMWare Workspace ONE Access Using a 0-Click Exploit
2025-04-01
On March 2nd, I reported several security vulnerabilities to VMWare impacting their Identity Access Management (IAM) solution. In this blog post I will discuss some of the vulnerabilities I found, the motivation behind finding such vulnerabilities and how companies can protect themselves. The result of the research project concludes with a pre-authenticated remote root exploit chain nicknamed
srcincite.io

Oracle Hack PR Drama: Deny, Deny, Deny — Despite Damning Data
Richi Jennings, 2025-03-28
OCI dokey then: Larry Ellison’s PR pukes desperately follow the script. The post Oracle Hack PR Drama: Deny, Deny, Deny — Despite Damning Data appeared first on Security Boulevard
securityboulevard.com

Oracle Cloud Breach: Claims, Denials, and the Reality of Cloud Security Risks in TPRM
Ekrem Selçuk Çelik, Ferdi Gül & Yavuz Han, 2025-03-27
Written by: Ekrem Selçuk Çelik, Ferdi Gül, & Yavuz Han In March 2025, a threat actor known by the alias “rose87168” publicly claimed responsibility for a large-scale cybersecurity incident targeting Oracle Cloud. Posting on the hacker forum BreachForums, the actor asserted that they had compromised Oracle’s traditional login servers (login.(region-name).oraclecloud.com) and exfiltrated approximately 6 million […] The post Oracle Cloud Breach: Claims
normshield.com

Oracle Breach - Looking Like CVE-2021-35587
/u/EidolonCasper, 2025-03-25
What's up peeps. I want to keep this short, but here's some good info I've dug up. I hate to spam the sub with more posts about the same thing, but felt this should be shared. 1) The endpoint the TA stated they compromised is currently down. But there is a recent archive of it (Feb 17th) on the Wayback Machine: https://web.archive.org/web/20250217171149/https://login.us2.oraclecloud.com/
reddit.com

Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked
Sunny Yadav, 2025-03-24
Oracle Cloud breach exposed 6M records from 140k+ tenants. Learn how attackers exploited vulnerabilities and steps organizations must take to secure data. The post Massive Oracle Cloud Breach: 6M Records Exposed, 140k+ Tenants Risked appeared first on eSecurity Planet. A sophisticated supply chain hack targeting Oracle Cloud has exfiltrated a staggering 6 million records.
esecurityplanet.com

Social Media

Oracle Data Breach : Exploitation of CVE-2021-35587 in Oracle Access Manager https://t.co/VzuEMNonz6 https://t.co/agUqr8uAoX
A critical vulnerability, CVE-2021-35587 (CVSS score 9.8), was exploited in Oracle Access Manager. This allowed an unauthorized attacker to compromise the system and steal single sign-on credentials. https://t.co/C6ljaJhESy 1/2
#4 The exposed server hadn’t been touched since 2014 and ran outdated software vulnerable to a CVE-2021-35587 (9.8 Critical) flaw. That’s over a decade of neglect — and Oracle knew.
@NeilMcCauley27 @AskPerplexity Hey there! Oracle dropped a big update in January 2025 for Fusion Middleware, tackling 22 vulnerabilities, including the nasty CVE-2025-21535—18 of which hackers could hit over the network, no login needed! No fresh attack reports since, but past exploits like CVE-2021-35587 show
How Did This Even Happen? The Technical Nerdy Bits 🤓🔍 Here's where it gets properly embarrassing for a company worth billions. The attackers apparently exploited CVE-2021-35587, a vulnerability in Oracle Access Manager with a perfect 9.8 CVSS score (that's basically a 10/10 on
🔍 The attacker claims to have exploited an old vulnerability (CVE-2021-35587). Oracle did not apply the necessary patches, leaving servers holding information from thousands of institutions exposed. 🧵 (6/7) #Vulnerabilidad #Exploit #ZeroDay #ThreatIntel
Evidence points to CVE-2021-35587 in Oracle Fusion Middleware as the entry point. A known vulnerability left unpatched on their server. This is 2025, not 1990. How does a company like Oracle allow this to happen? 7/8
@Shashwat_12304 @1ZRR4H CVE-2021-35587: Upgrade Oracle Access Manager. CVE-2021-22986: Upgrade BIG-IP/BIG-IQ, restrict iControl REST access. See F5's advisory for details.
@jon3k @MalwareJake It 100% happened, a threat actor used CVE-2021-35587 to compromise their systems. This person: https://t.co/CF3s7YuR09
@Shashwat_12304 @1ZRR4H CVE-2021-35587 is a critical vulnerability in Oracle Access Manager, potentially allowing unauthenticated remote attackers to take over the system via HTTP. Severity: 9.8

Affected Software

Configuration 1
| Type | Vendor | Product |
| --- | --- | --- |
| App | Oracle | access_manager |

References

| Reference | Link |
| --- | --- |
| MISC | https://www.oracle.com/security-alerts/cpujan2022.html |
| INTHEWILD | https://nvd.nist.gov/vuln/detail/CVE-2021-35587 |
| INTHEWILD | https://www.cisa.gov/known-exploited-vulnerabilities-catalog |
| GITHUB | https://www.oracle.com/security-alerts/cpujan2022.html |
| [email protected] | https://www.oracle.com/security-alerts/cpujan2022.html |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.oracle.com/security-alerts/cpujan2022.html |

CWE Details

| CWE ID | CWE Name | Description |
| --- | --- | --- |
| CWE-306 | Missing Authentication for Critical Function | The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
