CVE-2021-35464
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
100.0%
p100
KEV
SÍ
3 nov 2021
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
ForgeRock / Access Management (AM)
Vulnerabilidad
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
Añadido a KEV
3 nov 2021
Remediar antes de
17 nov 2021
Uso conocido en ransomware
Sí
Descripción resumida
ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2021-35464
Sin CVEs relacionados por CWE o producto.