Oracle Fusion Middleware tracked with a critical flaw

December 5, 2022

A critical flaw has been detected in Oracle’s Fusion Middleware (FMW), and the Cybersecurity and Infrastructure Security Agency (CISA) in the US has added it to its Known Exploited Vulnerabilities (KEV) catalogue. The American security agency also cited evidence that hackers are actively exploiting the newly listed vulnerability.

Tracked as CVE-2021-35587, the Fusion Middleware flaw has a CVSS score of 9.8, which signifies its criticality, and is said to affect Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.


Security experts explained that hackers who abuse the Oracle Fusion Middleware bug could gain access to a target’s network.


Once the threat actors gained unauthenticated network access to a vulnerable machine, they could take control of the Access Manager instances, allowing them to create user accounts and grant those accounts access privileges. Moreover, the hackers could also achieve code execution on the compromised server.

Last January, Oracle addressed the critical flaw in Fusion Middleware as part of its Critical Patch Update, the batch of patches it issues for various security bugs. Oracle also detailed the identified security vulnerabilities, explained workarounds, and published risk matrices, among other material related to the Critical Patch Update compilation.

Countries including the US, Canada, Singapore, and China have seen the most active exploitation attempts against the Fusion Middleware flaw. Individuals and organisations within and outside these countries are warned to be cautious of attacks by cybercriminal groups.

CISA also added to the KEV catalogue a recently fixed heap buffer overflow vulnerability in the Google Chrome web browser, tracked as CVE-2022-4135. This separate flaw was also spotted being heavily abused by threat actors.

The tech vendor has mandated that users, organisations, and federal agencies apply the released patches by December 19 to secure their servers and networks against potential cyberattacks. Firms must also implement strengthened security protocols to protect their networks from unauthorised intrusions.
