03 Aug, 2021

Critical RCE in ForgeRock Access Manager

The Australian Cyber Security Centre (ACSC) has warned that a critical pre-authentication remote code execution (RCE) vulnerability in the popular Access Management platform of digital identity management firm ForgeRock is being actively exploited.

The vulnerability, published as CVE-2021-35464, is a pre-authentication RCE in the ForgeRock Access Management identity and access management product. It stems from insecure Java deserialization in the Jato framework bundled with the software: the framework deserializes attacker-supplied data from a request before any authentication has taken place, so an unauthenticated attacker with network access to the application can execute code on the server.

ForgeRock Access Management is a commercial product descended from the OpenAM open source access management platform for web applications, and the open source OpenAM line is affected as well.

ForgeRock employs around 600 people and has offices in the UK, France, Canada, Norway, Germany, Australia and Singapore. Its products are used by more than a thousand organizations, including AutoZone, Philips, Geico, BBC, BMW, Pearson and Deloitte, which means that the published vulnerability indirectly exposes those customers as well.

The vulnerability affects AM 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3. AM 7, which no longer ships the Jato framework, is not affected. ForgeRock published its security advisory on June 29, 2021 together with patches for the affected 6.x versions; as an interim measure until the patch is applied, the vendor recommends blocking access to the vulnerable endpoint, which reduces but does not remove the risk.
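The two paragraphs above describe the bug (pre-auth deserialization in Jato) and the interim mitigation (block the endpoint), but a defender also wants to know whether anyone has already knocked on that door. The following detection script is an added example written for this article; it is not ForgeRock's, OpenAM's or the reporting researchers' code. It assumes the request shape documented in the vendor advisory and the original research: an HTTP request to the web application's `/ccversion/Version` page carrying a `jato.pageSession` parameter whose value is a base64-encoded serialized Java object. The log lines embedded in it are constructed, not real traffic, and `classify_request`, `scan` and the severity labels are this example's own naming.

```python
"""Spot CVE-2021-35464 exploitation attempts in ForgeRock AM / OpenAM access logs.

Added example for this article, not vendor or researcher code. Assumes the
documented exploit shape: a request to /ccversion/Version with a
`jato.pageSession` parameter holding a base64-encoded Java object stream,
which Jato deserializes before authentication. Sample log lines below are
constructed for the example.
"""
import base64
import binascii
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import parse_qs, quote, urlsplit

# Every Java serialization stream starts with STREAM_MAGIC (0xACED)
# followed by STREAM_VERSION (5); the base64 of this prefix begins "rO0AB".
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"

# Request field of a common/combined log line: "GET /path?query HTTP/1.1"
_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_java_serialized(value: str) -> bool:
    """True if a URL-decoded parameter value base64-decodes to a Java object stream."""
    cleaned = value.replace(" ", "+")  # a raw '+' in the query decodes to a space
    padded = cleaned + "=" * (-len(cleaned) % 4)
    try:
        raw = base64.b64decode(padded, validate=False)
    except (binascii.Error, ValueError):
        return False
    return raw.startswith(JAVA_SERIAL_MAGIC)


def classify_request(line: str) -> Optional[Dict[str, str]]:
    """Classify one access-log line.

    Returns None when the line does not touch the ccversion endpoint, otherwise
    a finding whose severity is:
      high   - jato.pageSession carries a serialized Java object (exploit attempt)
      medium - jato.pageSession is present but is not a recognisable object stream
      low    - any other access to ccversion (the vendor workaround blocks it anyway)
    """
    m = _REQUEST_RE.search(line)
    if not m:
        return None
    target = m.group("target")
    parts = urlsplit(target)
    if "/ccversion/" not in parts.path.lower():
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    sessions = params.get("jato.pageSession", [])
    finding = {"target": target, "severity": "low",
               "reason": "access to ccversion endpoint"}
    if any(is_java_serialized(s) for s in sessions):
        finding.update(severity="high",
                       reason="serialized Java object in jato.pageSession")
    elif sessions:
        finding.update(severity="medium",
                       reason="jato.pageSession parameter present")
    return finding


def scan(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run classify_request over a log and keep only the findings."""
    findings = []
    for line in lines:
        hit = classify_request(line)
        if hit:
            findings.append(hit)
    return findings


# Constructed stand-in for a gadget-chain payload: a valid stream header followed
# by the start of a java.util.HashMap object. A real payload is far longer; only
# the header matters for detection.
SAMPLE_PAYLOAD = base64.b64encode(
    JAVA_SERIAL_MAGIC + b"sr\x00\x11java.util.HashMap"
).decode()

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Jun/2021:10:15:32 +0000] "GET /openam/ccversion/Version?jato.pageSession='
    + quote(SAMPLE_PAYLOAD, safe="") + ' HTTP/1.1" 500 1321 "-" "python-requests/2.25.1"',
    '198.51.100.7 - - [29/Jun/2021:10:15:40 +0000] "GET /openam/XUI/ HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [29/Jun/2021:10:16:02 +0000] "GET /openam/ccversion/Version HTTP/1.1" 200 2208 "-" "curl/7.68.0"',
    '198.51.100.9 - - [29/Jun/2021:10:16:10 +0000] "POST /openam/json/authenticate HTTP/1.1" 200 311 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [29/Jun/2021:10:16:30 +0000] "GET /openam/ccversion/Version?jato.pageSession=notbase64!! HTTP/1.1" 400 0 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}: {f['target']}")
```

Matching on the stream header rather than on a specific gadget chain keeps the rule independent of which payload an attacker generates, and a `low` finding on any `ccversion` request doubles as a check that the vendor's endpoint-blocking workaround is actually in place in front of the application.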

Sources:
thehackernews.com
rapid7.com
threatpost.com
