Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2021-35464
HistoryJul 22, 2021 - 6:15 p.m.

Deserialization of untrusted data

2021-07-2218:15:00
PRIOn knowledge base
www.prio-n.com
6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier

CPENameOperatorVersion
amge5.0.0
amlt6.5.3
openamge9.0.0
openamlt14.6.3

Related

nessus 2
hackerone 3
cisa_kev 1
checkpoint_advisories 1
seebug 1
attackerkb 1
rapid7blog 3
cnvd 1
cve 1
packetstorm 2
zdt 1
threatpost 1
metasploit 1
cisa 1
githubexploit 1
thn 3
nuclei 1
exploitdb 1
trellix 2
avleonov 2
ics 1
nessus
nessus
ForgeRock Access Management < 7.0 RCE
2021-07-02 00:00:00
OpenAM RCE (CVE-2021-35464)
2021-07-29 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-06-30 08:58:44
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-06-30 09:11:23
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-07-01 18:21:48
cisa_kev
cisa_kev
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
2021-11-03 00:00:00
checkpoint_advisories
checkpoint_advisories
ForgeRock OpenAM Remote Code Execution (CVE-2021-35464)
2021-07-15 00:00:00
seebug
seebug
ForgeRock AMθΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄žοΌˆCVE-2021-35464οΌ‰
2021-07-05 00:00:00
attackerkb
attackerkb
Pre-auth RCE in ForgeRock Access Manager (CVE-2021-35464)
2021-07-22 00:00:00
rapid7blog
rapid7blog
ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know
2021-06-30 15:26:49
Metasploit Wrap-Up
2021-07-16 19:47:06
What's New in InsightVM: Q3 2021 in Review
2021-10-08 13:30:00
cnvd
cnvd
ForgeRock AM code issue vulnerability
2021-06-30 00:00:00
cve
cve
CVE-2021-35464
2021-07-22 18:15:00
packetstorm
packetstorm
ForgeRock Access Manager/OpenAM 14.6.3 Remote Code Execution
2021-07-16 00:00:00
ForgeRock / OpenAM Jato Java Deserialization
2021-07-13 00:00:00
zdt
zdt
ForgeRock Access Manager / OpenAM 14.6.3 - Remote Code Execution (Unauthenticated) Exploit
2021-07-16 00:00:00
threatpost
threatpost
Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack
2021-07-12 18:01:46
metasploit
metasploit
ForgeRock / OpenAM Jato Java Deserialization
2021-07-02 21:05:39
cisa
cisa
Critical ForgeRock Access Management Vulnerability
2021-07-12 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Forgerock Am
2021-07-01 03:51:32
thn
thn
Critical RCE Flaw in ForgeRock Access Manager Under Active Attack
2021-07-13 04:48:00
Telecom and BPO Companies Under Attack by SIM Swapping Hackers
2022-12-06 11:00:00
Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
2023-09-21 09:11:00
nuclei
nuclei
ForgeRock OpenAM <7.0 - Remote Code Execution
2021-06-29 11:56:37
exploitdb
exploitdb
ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
2021-07-16 00:00:00
trellix
trellix
Scattered Spider: The Modus Operandi
2023-08-17 00:00:00
Scattered Spider: The Modus Operandi
2023-08-17 00:00:00
avleonov
avleonov
Last Week’s Security news: PrintNightmare, Kaseya, Intune, Metasploit Docker escape
2021-07-05 15:19:07
Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins
2021-07-19 16:29:00
ics
ics
2021 Top Routinely Exploited Vulnerabilities
2022-04-28 12:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for PRION:CVE-2021-35464
nessus2hackerone3cisa_kev1checkpoint_advisories1seebug1attackerkb1rapid7blog3cnvd1cve1packetstorm2zdt1threatpost1metasploit1cisa1githubexploit1thn3nuclei1exploitdb1trellix2avleonov2ics1