{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T16:25:22.973","vulnerabilities":[{"cve":{"id":"CVE-2021-35587","sourceIdentifier":"secalert_us@oracle.com","published":"2022-01-19T12:15:09.727","lastModified":"2025-10-27T17:08:36.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."},{"lang":"es","value":"Una  vulnerabilidad en el producto Oracle Access Manager de Oracle Fusion Middleware (componente: OpenSSO Agent). Las versiones compatibles que están afectadas son 11.1.2.3.0, 12.2.1.3.0 y 12.2.1.4.0. Una vulnerabilidad explotable fácilmente, permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Access Manager. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Access Manager. CVSS 3.1, Puntuación base 9.8 (impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)"}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2022-11-28","cisaActionDue":"2022-12-19","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Oracle Fusion Middleware Unspecified Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"8DEAFEDC-2D0F-4A5F-99A0-BD41DD6DC017"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A287FA5D-D7D9-40B4-8DB2-1D7CE1808408"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"20EB3430-0FF2-4668-BB20-A5611ACC73F6"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35587","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}