
4 matches found

Positive Technologies
added 2026/04/07 12:0 a.m. | 5 views

PT-2026-30917

Name of the Vulnerable Software and Affected Versions: OpenAM versions prior to 16.0.6. Description: Open Access Management (OpenAM) is an access management solution. An unauthenticated attacker can achieve arbitrary command execution on the server through unsafe Java deserialization. This occurs when...

CVSS 9.8 | AI score 6.2 | EPSS 0.1049
Exploits: 2 | References: 19
seebug.org
added 2021/07/05 12:0 a.m. | 175 views

ForgeRock AM Remote Code Execution Vulnerability (CVE-2021-35464)

Pre-auth RCE in ForgeRock OpenAM CVE-2021-35464 Michael Stepankin Researcher @artsploit Published: 29 June 2021 at 11:23 UTC Updated: 29 June 2021 at 18:15 UTC While participating in one private bug bounty program, I discovered a pre-auth RCE in ForgeRock OpenAM server - a popular access manageme...

EPSS 0.99999
Exploits: 8
Rapid7 Blog
added 2021/06/30 3:26 p.m. | 288 views

ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know

On June 29, 2021, security researcher Michael Stepankin (@artsploit) posted details of CVE-2021-35464, a pre-auth remote code execution (RCE) vulnerability in ForgeRock Access Manager identity and access management software. ForgeRock front-ends web applications and remote access solutions in many...

AI score 1.3 | EPSS 0.99999
Exploits: 8
Hacker One
added 2021/06/30 9:11 a.m. | 45 views

U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)

A vulnerability in ForgeRock OpenAM allowed unauthenticated remote code execution due to unsafe Java deserialization in the Jato framework. The vulnerability, tracked as CVE-2021-35464, could be exploited by sending a crafted request to the /openam/ccversion/Version endpoint with a malicious...

CVSS 9.8 | AI score 9.7 | EPSS 0.99999
Exploits: 8