Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-35464
HistoryJul 22, 2021 - 6:15 p.m.

CVE-2021-35464

2021-07-2218:15:23
CWE-502
[email protected]
web.nvd.nist.gov
1

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.974 High

EPSS

Percentile

99.9%

JSON

ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier

Affected configurations

NVD
Node
forgerockamRange5.0.0–6.5.3
OR
forgerockopenamRange9.0.0–14.6.3

Related

packetstorm 2
cve 1
hackerone 3
cnvd 1
metasploit 1
threatpost 1
zdt 1
rapid7blog 3
attackerkb 1
seebug 1
checkpoint_advisories 1
cisa 1
thn 3
nessus 2
githubexploit 1
nuclei 1
cisa_kev 1
prion 1
cvelist 1
exploitdb 1
trellix 2
avleonov 2
ics 1
packetstorm
packetstorm
ForgeRock Access Manager/OpenAM 14.6.3 Remote Code Execution
2021-07-16 00:00:00
ForgeRock / OpenAM Jato Java Deserialization
2021-07-13 00:00:00
cve
cve
CVE-2021-35464
2021-07-22 18:15:23
hackerone
hackerone
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-07-01 18:21:48
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-06-30 09:11:23
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-06-30 08:58:44
cnvd
cnvd
ForgeRock AM code issue vulnerability
2021-06-30 00:00:00
metasploit
metasploit
ForgeRock / OpenAM Jato Java Deserialization
2021-07-02 21:05:39
threatpost
threatpost
Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack
2021-07-12 18:01:46
zdt
zdt
ForgeRock Access Manager / OpenAM 14.6.3 - Remote Code Execution (Unauthenticated) Exploit
2021-07-16 00:00:00
rapid7blog
rapid7blog
ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know
2021-06-30 15:26:49
Metasploit Wrap-Up
2021-07-16 19:47:06
What's New in InsightVM: Q3 2021 in Review
2021-10-08 13:30:00
attackerkb
attackerkb
Pre-auth RCE in ForgeRock Access Manager (CVE-2021-35464)
2021-07-22 00:00:00
seebug
seebug
ForgeRock AMθΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄žοΌˆCVE-2021-35464οΌ‰
2021-07-05 00:00:00
checkpoint_advisories
checkpoint_advisories
ForgeRock OpenAM Remote Code Execution (CVE-2021-35464)
2021-07-15 00:00:00
cisa
cisa
Critical ForgeRock Access Management Vulnerability
2021-07-12 00:00:00
thn
thn
Critical RCE Flaw in ForgeRock Access Manager Under Active Attack
2021-07-13 04:48:00
Telecom and BPO Companies Under Attack by SIM Swapping Hackers
2022-12-06 11:00:00
Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
2023-09-21 09:11:00
nessus
nessus
OpenAM RCE (CVE-2021-35464)
2021-07-29 00:00:00
ForgeRock Access Management < 7.0 RCE
2021-07-02 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Forgerock Am
2021-07-01 03:51:32
nuclei
nuclei
ForgeRock OpenAM <7.0 - Remote Code Execution
2021-06-29 11:56:37
cisa_kev
cisa_kev
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
2021-11-03 00:00:00
prion
prion
Deserialization of untrusted data
2021-07-22 18:15:00
cvelist
cvelist
CVE-2021-35464
2021-07-22 17:10:18
exploitdb
exploitdb
ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
2021-07-16 00:00:00
trellix
trellix
Scattered Spider: The Modus Operandi
2023-08-17 00:00:00
Scattered Spider: The Modus Operandi
2023-08-17 00:00:00
avleonov
avleonov
Last Week’s Security news: PrintNightmare, Kaseya, Intune, Metasploit Docker escape
2021-07-05 15:19:07
Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins
2021-07-19 16:29:00
ics
ics
2021 Top Routinely Exploited Vulnerabilities
2022-04-28 12:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.974 High

EPSS

Percentile

99.9%

JSON
Related for NVD:CVE-2021-35464
packetstorm2cve1hackerone3cnvd1metasploit1threatpost1zdt1rapid7blog3attackerkb1seebug1checkpoint_advisories1cisa1thn3nessus2githubexploit1nuclei1cisa_kev1prion1cvelist1exploitdb1trellix2avleonov2ics1