Security News > 2021 > July > Critical RCE Flaw in ForgeRock Access Manager Under Active Attack
Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely.
"The has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," the organization said in an alert.
Tracked as CVE-2021-35464, the issue concerns a pre-authentication remote code execution vulnerability in ForgeRock Access Manager identity and access management tool, and stems from an unsafe Java deserialization in the Jato framework used by the software.
"An attacker exploiting the vulnerability will execute commands in the context of the current user, not as the root user," the San Francisco-headquartered software firm noted in an advisory.
The vulnerability affects versions 6.0.0.x and all versions of 6.5, up to and including 6.5.3, and has been addressed in version AM 7 released on June 29, 2021.
ForgeRock customers are advised to move quickly to deploy the patches to mitigate the risk associated with the flaw.
News URL
Related news
- CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- RCE bug in widely used Ghostscript library now exploited in attacks (source)
- Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack (source)
- Critical Windows licensing bugs, plus two others under attack, top Patch Tuesday (source)
- Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (source)
- Progress warns of critical RCE bug in Telerik Report Server (source)
- Critical ServiceNow RCE flaws actively exploited to steal credentials (source)
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-22 | CVE-2021-35464 | Deserialization of Untrusted Data vulnerability in Forgerock AM and Openam ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. | 10.0 |