Quote:Attackers are actively exploiting a critical, pre-authorization remote-code execution (RCE) vulnerability in the popular Access Management platform from digital identity management firm ForgeRock.
Access Management, a commercial access-management platform, is based on the OpenAM open-source access-management platform for web applications. The platform front-ends web apps and remote-access setups in many enterprises.
On Monday morning, the Cybersecurity and Infrastructure Security Agency (CISA) warned that the vulnerability could enable attackers to execute commands in the context of the current user. The flaw can be found in Access Management versions below 7.0 running on Java 8. That means 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3, as well as older, unsupported versions are all sitting ducks.
Also on Monday, ForgeRock said in an updated security advisory that the flaw doesn’t affect Access Management 7 and above. It only impacts a subset of ForgeRock customers who are using older versions of the company’s Access Management product.
An exploit for the critical vulnerability at the heart of the matter – CVE-2021-35464 – was first reported by Michael Stepankin, a researcher for the cybersecurity firm PortSwigger, on June 29. In his report, Stepankin explained that he created a new Ysoserial deserialization gadget chain specifically for the exploit.
Read more: Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
