03 Aug, 2021

Critical RCE in ForgeRock Access Manager

The Australian Cyber Security Centre (ACSC) has warned that a critical pre-authentication remote code execution (RCE) vulnerability in ForgeRock's Access Management (AM) platform is being actively exploited.

The vulnerability, tracked as CVE-2021-35464, is caused by unsafe Java deserialization in the Jato framework bundled with ForgeRock AM. Because the vulnerable Jato endpoint is reachable without a session, an unauthenticated attacker who can reach the AM web interface can submit a crafted serialized Java object and execute arbitrary code on the server.

ForgeRock AM, a commercial access-management product, is based on OpenAM, the open source access management platform for web applications; OpenAM forks that still ship the Jato framework inherit the same flaw.

ForgeRock employs around 600 people and has offices in the UK, France, Canada, Norway, Germany, Australia and Singapore. Its products are used by more than a thousand organisations, including AutoZone, Philips, Geico, the BBC, BMW, Pearson and Deloitte, all of which are indirectly exposed by this vulnerability if they run an affected AM deployment.

The vulnerability affects ForgeRock AM versions 6.0.0.x through 6.5.3. AM 7.x does not include the Jato framework and is not affected. ForgeRock published a security advisory and a workaround for customers on June 29, 2021; the workaround reduces the exposure but is a temporary measure until the vendor's fixed release is deployed.
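Defenders who cannot patch immediately will want to know whether the vulnerable endpoint is being probed. Public analyses of CVE-2021-35464 (the Rapid7 write-up cited below among them) identify the sink as the Jato VersionServlet at /ccversion/Version, which deserializes the jato.pageSession request parameter. The script below is an added example written for this page, not code from ForgeRock or from the cited sources: it scans web-server access logs in the common "combined" format for requests that reach that servlet, and resolves the path the way a servlet container does (URL-decoding, dropping Tomcat-style ";param" path parameters, collapsing "..") so that a request such as /openam/oauth2/..;/ccversion/Version is recognised even though a literal prefix match at a reverse proxy would miss it. The /openam context path and the sample log lines are assumptions; the log lines are constructed, not real traffic.

```python
"""Triage access logs for requests that reach the Jato VersionServlet
(/ccversion/Version) behind CVE-2021-35464.

Assumptions (not from the vendor advisory): Apache/NGINX "combined" log
format and an AM deployment under the /openam context. SAMPLE_LOG is
constructed for this example and is not real traffic.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Base64 of the Java serialization stream header 0xACED0005 ("rO0AB...").
JAVA_SERIAL_B64_PREFIX = "rO0AB"

# Constructed sample lines: one benign request, a direct hit on the servlet,
# the path-parameter variant that evades raw-string matching, and a login.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Jun/2021:10:01:12 +0000] "GET /openam/json/serverinfo/* HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Jun/2021:10:02:40 +0000] "GET /openam/ccversion/Version?jato.pageSession=rO0ABXNy HTTP/1.1" 500 0 "-" "curl/7.68.0"
203.0.113.9 - - [29/Jun/2021:10:03:01 +0000] "GET /openam/oauth2/..;/ccversion/Version?jato.pageSession=rO0ABXNy HTTP/1.1" 500 0 "-" "python-requests/2.25"
203.0.113.11 - - [29/Jun/2021:10:04:15 +0000] "POST /openam/json/authenticate HTTP/1.1" 401 98 "-" "Mozilla/5.0"
"""


def normalize_path(raw_path):
    """Resolve a request path the way a servlet container does: URL-decode,
    strip ';param' suffixes (Tomcat treats them as path parameters), then
    collapse '.' and '..'. So '/openam/oauth2/..;/ccversion/Version'
    resolves to '/openam/ccversion/Version'."""
    segments = []
    for seg in unquote(raw_path).split("/"):
        seg = seg.split(";", 1)[0]
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def naive_blocked(raw_target):
    """What a literal prefix rule on the raw request line (e.g. at a reverse
    proxy) would catch. It never sees the resolved path, so the '..;/'
    variant slips past it."""
    return raw_target.startswith("/openam/ccversion/")


def classify(target):
    """Return the reasons a request target is suspicious, or [] if benign."""
    parts = urlsplit(target)
    path = normalize_path(parts.path)
    reasons = []
    if path.endswith("/ccversion/Version"):
        reasons.append("request reaches Jato VersionServlet")
        for value in parse_qs(parts.query).get("jato.pageSession", []):
            if value.startswith(JAVA_SERIAL_B64_PREFIX):
                reasons.append("jato.pageSession carries a serialized Java object")
            else:
                reasons.append("jato.pageSession present")
    return reasons


def analyze_log(text):
    """Parse combined-format log lines and return one finding per request
    that reaches the vulnerable servlet."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify(m["target"])
        if reasons:
            findings.append({
                "ip": m["ip"],
                "status": m["status"],
                "raw_target": m["target"],
                "path": normalize_path(urlsplit(m["target"]).path),
                "naive_rule_would_block": naive_blocked(m["target"]),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f["ip"], f["status"], f["raw_target"])
        print("  resolved:", f["path"], "| naive rule catches it:", f["naive_rule_would_block"])
        for r in f["reasons"]:
            print("  -", r)
```

Run it over a real access log by passing the file contents to analyze_log. The naive_rule_would_block field is the practical lesson: a blocklist on the raw URL at a proxy is not a substitute for the vendor workaround, because the servlet container resolves path parameters and traversal segments that the proxy never sees, so the endpoint must be disabled inside the application container itself.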

Sources:
thehackernews.com
rapid7.com
threatpost.com
