CVE-2021-35464 - ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
Project: ForgeRock
Product: Access Management (AM)
Date Added: 2021-11-03
Due Date: 2021-11-17
Vulnerability Name
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
Description
ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as the root user, which the vendor does not recommend).
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-35464