Exploit for #VU59699 Improper input validation in Oracle Access Manager

Cybersecurity Help s.r.o.

Published: 2022-03-15 | Updated: 2025-04-08

Vulnerability identifier: #VU59699

Vulnerability risk: High

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2021-35587

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 3

April 8, 2025
- Oracle Access Manager unauthenticated Remote Code Execution [Metasploit]
September 20, 2024
- CVE-2021-35587 (Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587) [Github]
March 15, 2022
- CVE-2021-35587 (Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587) [Github]

Vulnerable software:
Oracle Access Manager
Server applications / Directory software, identity management

Vendor: Oracle