Security for everyone

CVE-2021-35464 Scanner

Detects the Remote Code Execution (RCE) vulnerability CVE-2021-35464 in ForgeRock AM Server; affects versions before 7.0.


Short Info

Level: Critical
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: URL
Source: -

ForgeRock describes itself as a leader in digital identity management. Its AM server (Access Management) is the central component of the ForgeRock Identity Platform: it authenticates users and grants or denies their access to applications and services according to their permissions. The server is deployed in healthcare, finance, e-commerce, government and other sectors.

However, AM versions before 7.0 carry a significant vulnerability, CVE-2021-35464. It is a Java deserialization flaw in the handling of the jato.pageSession parameter on the /ccversion/* endpoints. Those endpoints are reachable without authentication, so an unauthenticated remote attacker who sends a single crafted request to /ccversion/* with a malicious serialized object in jato.pageSession can execute arbitrary code on the server.
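Two checks a defender can run without sending a deserialization payload, written here as an added example (not the scanner's or ForgeRock's own code): first, classify the response to the unauthenticated /ccversion/* path, which a non-destructive probe can fetch, as exposed or blocked; second, run detection over web-server access-log lines for requests that reach that path, escalating when the jato.pageSession parameter appears. The log lines, IP addresses and the parameter value are constructed for the example; the context root /openam and the /ccversion/Version path are assumed.

```python
"""Added example for CVE-2021-35464: exposure check and access-log detection.

This is not code from the scanner page or from ForgeRock. It never sends a
serialized object; it only asks whether the unauthenticated /ccversion/*
servlet (the one that parses jato.pageSession) is reachable, and looks for
requests that already reached it in access logs.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format); IPs and values are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jul/2021:10:01:02 +0000] "GET /openam/XUI/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jul/2021:10:01:09 +0000] "GET /openam/ccversion/Version HTTP/1.1" 200 2104 "-" "curl/7.68.0"
198.51.100.7 - - [12/Jul/2021:10:01:11 +0000] "POST /openam/ccversion/Version?jato.pageSession=REDACTED HTTP/1.1" 500 0 "-" "python-requests/2.25.1"
10.0.0.9 - - [12/Jul/2021:10:02:00 +0000] "GET /openam/json/authenticate HTTP/1.1" 401 97 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass
class Finding:
    ip: str
    ts: str
    method: str
    path: str
    status: int
    severity: str  # "medium": servlet reached; "high": deserialization parameter or POST body involved


def endpoint_exposed(status: int) -> bool:
    """A 200 from /ccversion/* with no credentials means the servlet is still
    mapped and reachable; 403/404 means it has been blocked or removed."""
    return status == 200


def probe(base_url: str, timeout: float = 5.0) -> bool:
    """Non-destructive network check: fetch /ccversion/Version and classify the
    status. base_url is the AM context root, e.g. https://host/openam (assumed)."""
    import urllib.error
    import urllib.request

    url = base_url.rstrip("/") + "/ccversion/Version"
    try:
        with urllib.request.urlopen(urllib.request.Request(url), timeout=timeout) as resp:
            return endpoint_exposed(resp.getcode())
    except urllib.error.HTTPError as err:
        return endpoint_exposed(err.code)


def analyse_line(line: str):
    """Return a Finding for a request that reached /ccversion/*, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    # Match the servlet path under any context root (/openam, /am, ...).
    if "/ccversion/" not in target.path:
        return None
    query = parse_qs(target.query)
    # The parameter in the query string is the exploit pattern; a POST is escalated
    # too, because the parameter can travel in the body, which access logs omit.
    severity = "high" if "jato.pageSession" in query or m.group("method") == "POST" else "medium"
    return Finding(m.group("ip"), m.group("ts"), m.group("method"),
                   target.path, int(m.group("status")), severity)


def scan_log(text: str):
    """Run the detection over every line of an access log and keep the hits."""
    return [f for f in (analyse_line(line) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.severity:6} {f.ip} {f.method} {f.path} -> {f.status}")
```

Reachability of the servlet shows exposure, not the installed patch level, so confirm the AM version before closing a finding; conversely, a blocked path (403/404) is what you should see after applying ForgeRock's published workaround of denying /ccversion/* at the reverse proxy or removing the servlet mapping. Any request that reached the servlet is worth an alert, since there is no legitimate reason for unauthenticated clients to call it.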

Successful exploitation gives the attacker code execution in the context of the AM server process. From there they can steal the sensitive data the server holds, run further tooling, or disrupt the service entirely, and because AM mediates authentication and access for every connected application, a compromise of AM is a compromise of the whole ForgeRock Identity Platform. Where the server protects a critical system or industry, the impact can be enormous.

Thanks to the pro features of the securityforeveryone.com platform, it's easy to determine if your digital assets are vulnerable to CVE-2021-35464 or any other threats. The platform provides access to comprehensive vulnerability and threat analysis, penetration testing, and security best practices. Protect your digital assets—rely on securityforeveryone.com.
