Quick Hits

Oracle Fusion Middleware Flaw Flagged by CISA

The bug could allow unauthorized access and takeover, earning it a spot on the Known Exploited Vulnerabilities Catalog.

A critical bug in Oracle's Fusion Middleware Access Manager has landed on the Cybersecurity and Infrastructure Security Agency's list of known exploited vulnerabilities. 

The critical flaw, tracked under CVE-2021-35587, could allow a threat actor to compromise and take over the Oracle Access Manager.

Oracle's Fusion Middleware is an enterprise cloud platform used by customers that include large telecom carriers and factories, according to its site.

CISA labeled it an an "unspecified" vuln. "Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product," CISA warned.