Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability (CVE-2021-35464) in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this vulnerability can execute commands in the context of the current user. The vulnerability affects Access Management versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3 and older unsupported versions.
CISA recommends Access Management users:
- Review the ForgeRock Security Advisory and the Australian Cyber Security Centre Alert;
- Check for vulnerable instances of the Access Management software (see ForgeRock’s Technical Impact Assessment); and
- Prioritize deploying an update to Access Management version 7 or apply the workaround urgently.