Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability (CVE-2021-35464) in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this vulnerability can execute commands in the context of the current user. The vulnerability affects Access Management versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3 and older unsupported versions.
CISA recommends Access Management users:
Support the originator by clicking the read the rest link below.
