Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FORGEROCK_OPENAM_7_0.NASL
HistoryJul 02, 2021 - 12:00 a.m.

ForgeRock Access Management < 7.0 RCE

2021-07-0200:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
92

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

The version of ForgeRock Access Management detected on the remote host is affected by a remote code execution vulnerability due to unsafe object deserialization. An unauthenticated, remote attacker can exploit this to execute code on the remote host.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(151291);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");

  script_cve_id("CVE-2021-35464");
  script_xref(name:"IAVA", value:"2021-A-0359-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");

  script_name(english:"ForgeRock Access Management < 7.0 RCE");

  script_set_attribute(attribute:"synopsis", value:
"ForgeRock Access Management is affected by a remote code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of ForgeRock Access Management detected on the remote host is affected by a remote code execution
vulnerability due to unsafe object deserialization. An unauthenticated, remote attacker can exploit this to execute
code on the remote host.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c3a6dd6c");
  # https://www.rapid7.com/blog/post/2021/06/30/forgerock-openam-pre-auth-remote-code-execution-vulnerability-what-you-need-to-know/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9b6c0973");
  script_set_attribute(attribute:"see_also", value:"https://backstage.forgerock.com/knowledge/kb/article/a47894244");
  script_set_attribute(attribute:"solution", value:
"Upgrade to ForgeRock Access Management version 7.0 or later, or apply a workaround.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-35464");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'ForgeRock / OpenAM Jato Java Deserialization');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:forgerock:access_management");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:forgerock:openam");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("forgerock_access_management_web_detect.nbin");
  script_require_keys("installed_sw/ForgeRock Access Management");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80, 443, 8080, 8443);

  exit(0);
}

include('http.inc');
include('vcf.inc');

# Note, there are workarounds per https://www.rapid7.com/blog/post/2021/06/30/forgerock-openam-pre-auth-remote-code-execution-vulnerability-what-you-need-to-know/
# We can't check for them, but for high profile vulns, we typically avoid using paranoia at least at first release.
var app = 'ForgeRock Access Management';
var port = get_http_port(default:443);

var app_info = vcf::get_app_info(app:app, webapp:TRUE, port:port);

var constraints = [
  {'min_version' :  '0.0', 'fixed_version' : '6.1',  'fixed_display' : '7.0' },
  {'min_version' :  '6.5', 'max_version' : '6.5.3',  'fixed_display' : '7.0' },
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
VendorProductVersionCPE
forgerockaccess_managementcpe:/a:forgerock:access_management
forgerockopenamcpe:/a:forgerock:openam

Related

hackerone 3
cnvd 1
cve 1
packetstorm 2
checkpoint_advisories 1
rapid7blog 3
seebug 1
attackerkb 1
zdt 1
metasploit 1
threatpost 1
nvd 1
cisa 1
githubexploit 1
thn 3
nessus 1
nuclei 1
cvelist 1
cisa_kev 1
prion 1
exploitdb 1
trellix 2
avleonov 2
ics 1
hackerone
hackerone
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-07-01 18:21:48
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-06-30 09:11:23
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-06-30 08:58:44
cnvd
cnvd
ForgeRock AM code issue vulnerability
2021-06-30 00:00:00
cve
cve
CVE-2021-35464
2021-07-22 18:15:23
packetstorm
packetstorm
ForgeRock Access Manager/OpenAM 14.6.3 Remote Code Execution
2021-07-16 00:00:00
ForgeRock / OpenAM Jato Java Deserialization
2021-07-13 00:00:00
checkpoint_advisories
checkpoint_advisories
ForgeRock OpenAM Remote Code Execution (CVE-2021-35464)
2021-07-15 00:00:00
rapid7blog
rapid7blog
ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know
2021-06-30 15:26:49
Metasploit Wrap-Up
2021-07-16 19:47:06
What's New in InsightVM: Q3 2021 in Review
2021-10-08 13:30:00
seebug
seebug
ForgeRock AM远程代码执行漏洞(CVE-2021-35464)
2021-07-05 00:00:00
attackerkb
attackerkb
Pre-auth RCE in ForgeRock Access Manager (CVE-2021-35464)
2021-07-22 00:00:00
zdt
zdt
ForgeRock Access Manager / OpenAM 14.6.3 - Remote Code Execution (Unauthenticated) Exploit
2021-07-16 00:00:00
metasploit
metasploit
ForgeRock / OpenAM Jato Java Deserialization
2021-07-02 21:05:39
threatpost
threatpost
Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack
2021-07-12 18:01:46
nvd
nvd
CVE-2021-35464
2021-07-22 18:15:23
cisa
cisa
Critical ForgeRock Access Management Vulnerability
2021-07-12 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Forgerock Am
2021-07-01 03:51:32
thn
thn
Critical RCE Flaw in ForgeRock Access Manager Under Active Attack
2021-07-13 04:48:00
Telecom and BPO Companies Under Attack by SIM Swapping Hackers
2022-12-06 11:00:00
Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
2023-09-21 09:11:00
nessus
nessus
OpenAM RCE (CVE-2021-35464)
2021-07-29 00:00:00
nuclei
nuclei
ForgeRock OpenAM <7.0 - Remote Code Execution
2021-06-29 11:56:37
cvelist
cvelist
CVE-2021-35464
2021-07-22 17:10:18
cisa_kev
cisa_kev
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
2021-11-03 00:00:00
prion
prion
Deserialization of untrusted data
2021-07-22 18:15:00
exploitdb
exploitdb
ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
2021-07-16 00:00:00
trellix
trellix
Scattered Spider: The Modus Operandi
2023-08-17 00:00:00
Scattered Spider: The Modus Operandi
2023-08-17 00:00:00
avleonov
avleonov
Last Week’s Security news: PrintNightmare, Kaseya, Intune, Metasploit Docker escape
2021-07-05 15:19:07
Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins
2021-07-19 16:29:00
ics
ics
2021 Top Routinely Exploited Vulnerabilities
2022-04-28 12:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for FORGEROCK_OPENAM_7_0.NASL
hackerone3cnvd1cve1packetstorm2checkpoint_advisories1rapid7blog3seebug1attackerkb1zdt1metasploit1threatpost1nvd1cisa1githubexploit1thn3nessus1nuclei1cvelist1cisa_kev1prion1exploitdb1trellix2avleonov2ics1