CVE-2021-35464

⚠ KEV | EPSS 94.4%

ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability

Added to CISA KEV: 11/3/2021

Description

ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as the root user, which the vendor does not recommend).

Affected packages (0)

No package mapping in OSV.