1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2021-35464

ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-35464 ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2021-35464, a pre-auth remote code execution (RCE) vulnerability in ForgeRock Access Manager identity and access management software. ForgeRock front-ends web applications and remote access solutions in many enterprises.
References
  1. https://www.cisa.gov/news-events/alerts/2021/07/12/critical-forgerock-access-management-vulnerability
  2. https://www.rapid7.com/blog/post/2021/06/30/forgerock-openam-pre-auth-remote-code-execution-vulnerability-what-you-need-to-know/
CVE-2021-35464 ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2021-35464, a pre-auth remote code execution (RCE) vulnerability in ForgeRock Access Manager identity and access management software. ForgeRock front-ends web applications and remote access solutions in many enterprises.
References
  1. https://www.cisa.gov/news-events/alerts/2021/07/12/critical-forgerock-access-management-vulnerability
  2. https://www.rapid7.com/blog/post/2021/06/30/forgerock-openam-pre-auth-remote-code-execution-vulnerability-what-you-need-to-know/