Description
Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent) is vulnerable to a Java Object Deserialization remote code execution vulnerability. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system or to perform a denial of service attack.
Remediation
Upgrade to the latest version of Oracle Access Manager
References
Oracle Critical Patch Update Advisory - January 2022
Oracle Access Manager Pre-Auth RCE (CVE-2021–35587 Analysis)
Related Vulnerabilities
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)
Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability
WordPress Plugin Gutenberg Block Editor Toolkit-EditorsKit Remote Code Execution (1.31.5)