4 matches found
CVE-2021-35464
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
CVE-2021-35464
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
Pre-auth RCE in ForgeRock Access Manager (CVE-2021-35464)
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
PT-2021-5345
Name of the Vulnerable Software and Affected Versions ForgeRock Access Management AM Core Server versions prior to 7.0 ForgeRock OpenAM version 14.6.3 and earlier Description The issue is related to a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. This...