← ExploitWatch
HomeExploited Vulnerabilities

CVE-2021-35464 — Actively Exploited: Access Management (AM) (ForgeRock)

ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does

CVE IDCVE-2021-35464
VendorForgeRock
ProductAccess Management (AM)
Vulnerability nameForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
Date added2021-11-03
Remediation due2021-11-17
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →