The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday warned organisations that a critical Oracle Fusion Middleware vulnerability patched in early 2022 is being exploited in attacks.
The security flaw, tracked as CVE-2021-35587, affects the Oracle Fusion Middleware single sign-on (SSO) solution provided by Oracle Access Manager. The researchers who discovered the vulnerability claim that many significant companies, including VMware, Huawei, and Qualcomm, use the impacted product.
An unauthenticated attacker with network access via HTTP could use the flaw, which affects the OpenSSO Agent component, to take control of Oracle Access Manager. Oracle announced a patch for the flaw when it released its Critical Patch Updates in January 2022.