Friday, October 15, 2021

Critical RCE Vulnerability in ForgeRock Access Management

Must Read

Critical ThroughTek vulnerability attackers access Millions of Connected Cameras

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on Friday, Issued an advisory about a critical vulnerability in the...

Indian supply-chain giant Bizongo suffers a massive data breach

Indian start-ups have been hit with a string of data breaches in recent days, and Mumbai-based digital supply-chain giant...

Ongoing ransomware attack leaves systems badly affected, says Scottish Environmental Regulator

About a month after the first attack, the Scottish Environmental Protection Agency (SEPA) systems remained offline - and stolen...

Cybersecurity agencies in U.S. And Australia are warning of an actively exploited vulnerability impacting ForgeRock’s OpenAM access management solution.

Attackers are actively exploiting a critical, pre-authorization remote-code execution (RCE) vulnerability in the popular Access Management platform from digital identity management firm ForgeRock.

ForgeRock Access Management is a commercial open-access management solution that is based on OpenAM, an open-source access management solution. 

The Cybersecurity and Infrastructure Security Agency (CISA) warned on Monday that an attacker exploiting this vulnerability can execute commands in the context of the current user. The vulnerability affects Access Management versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, and 6.5.3 and older unsupported versions.

Tracked as CVE-2021-35464, the issue concerns a pre-authentication remote code execution (RCE) vulnerability in ForgeRock Access Manager identity and access management tool and stems from an unsafe Java deserialization in the Jato framework used by the software.

Also on Monday, ForgeRock said in an updated security notice that the vulnerability does not affect Access Management 7 and above. This affects only a subset of ForgeRock customers that use older versions of the company’s Access Management product.

Mitigation

CISA recommends Access Management users:

The ACSC strongly recommends that Australian organizations urgently:

  • Review their systems and networks for the presence of vulnerable instances of the OpenAM software; and
  • Update to OpenAM version 7 or apply the workaround as identified by the ForgeRock Security Advisory #202104.

If you are unable to upgrade or apply mitigations to your OpenAM instance, ACSC recommends isolating it from the internet or shutting down the server.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This