PatchSiren cyber security CVE debrief
CVE-2021-35587 Oracle CVE debrief
CVE-2021-35587 is an Oracle Fusion Middleware vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-11-28. The supplied source material does not describe the exact weakness or impact, so the safest conclusion is that it is a confirmed exploitation risk requiring prompt patching per Oracle's guidance. Because CISA set a remediation due date of 2022-12-19, organizations should treat this as an urgent maintenance item rather than a routine advisory.
- Vendor: Oracle
- Product: Fusion Middleware
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-11-28
- Original CVE updated: 2022-11-28
- Advisory published: 2022-11-28
- Advisory updated: 2022-11-28
Who should care
Oracle Fusion Middleware administrators, application owners, patch management teams, and security operations staff responsible for internet-facing or business-critical middleware deployments.
Technical summary
The source corpus identifies the issue only as an "Oracle Fusion Middleware Unspecified Vulnerability." No CVSS score, attack vector, or impact details are provided in the supplied material. What is confirmed is that CISA categorized it as a known exploited vulnerability and linked remediation to Oracle's January 2022 security update guidance. In practical terms, defenders should assume exposure is meaningful enough to justify expedited patching and verification across Oracle Fusion Middleware instances.
Defensive priority
Urgent. The CISA KEV listing indicates known exploitation, and the published remediation due date in the supplied timeline is 2022-12-19.
Recommended defensive actions
- Apply Oracle's vendor-provided updates and mitigation guidance for Fusion Middleware as soon as possible.
- Inventory all Oracle Fusion Middleware deployments, including internet-facing and indirectly exposed instances.
- Verify patch status against Oracle's January 2022 CPU guidance referenced by CISA.
- Prioritize remediation and validation before and after the KEV due date.
- Monitor affected systems for anomalous activity until updates are confirmed installed.
- Document any exceptions and track them to closure with a short remediation SLA.
Evidence notes
This debrief uses only the provided source corpus and official links. Primary evidence comes from CISA KEV metadata identifying the vulnerability as known exploited and naming Oracle Fusion Middleware as the affected product. The source item notes point to Oracle's January 2022 CPU and the NVD record, but the supplied corpus does not include detailed vulnerability mechanics, so no unsupported impact claims are made.
Official resources
- CVE-2021-35587 CVE record: CVE.org
- CVE-2021-35587 NVD detail: NVD
- CISA Known Exploited Vulnerabilities catalog: CISA - Apply updates per vendor instructions.
- Source item URL: cisa_kev
CISA added CVE-2021-35587 to the Known Exploited Vulnerabilities catalog on 2022-11-28 and set a remediation due date of 2022-12-19. The supplied source material does not specify the flaw's exact behavior, so the advisory should be treated,