Friday, July 23, 2021

Critical RCE Vulnerability in ForgeRock Access Management

Must Read

Ransom payments are declining as many victims decide not to pay

A high percentage of ransom victims choose to opt-out of pay the ransom amounts but don't assume that the...

Italian police arrest suspects in Leonardo Army, defense data theft

A former worker and collaborator are accused of siphoning off sensitive data for nearly two decades. Italian authorities have detained...

Russia declines Microsoft claims of healthcare cyber attacks

Russia on Tuesday vehemently reduces claims by Microsoft that Russia was behind cyberattacks on businesses exploring coronavirus vaccines and...

Cybersecurity agencies in U.S. And Australia are warning of an actively exploited vulnerability impacting ForgeRock’s OpenAM access management solution.

Attackers are actively exploiting a critical, pre-authorization remote-code execution (RCE) vulnerability in the popular Access Management platform from digital identity management firm ForgeRock.

ForgeRock Access Management is a commercial open-access management solution that is based on OpenAM, an open-source access management solution. 

The Cybersecurity and Infrastructure Security Agency (CISA) warned on Monday that an attacker exploiting this vulnerability can execute commands in the context of the current user. The vulnerability affects Access Management versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, and 6.5.3 and older unsupported versions.

Tracked as CVE-2021-35464, the issue concerns a pre-authentication remote code execution (RCE) vulnerability in ForgeRock Access Manager identity and access management tool and stems from an unsafe Java deserialization in the Jato framework used by the software.

Also on Monday, ForgeRock said in an updated security notice that the vulnerability does not affect Access Management 7 and above. This affects only a subset of ForgeRock customers that use older versions of the company’s Access Management product.

Mitigation

CISA recommends Access Management users:

The ACSC strongly recommends that Australian organizations urgently:

  • Review their systems and networks for the presence of vulnerable instances of the OpenAM software; and
  • Update to OpenAM version 7 or apply the workaround as identified by the ForgeRock Security Advisory #202104.

If you are unable to upgrade or apply mitigations to your OpenAM instance, ACSC recommends isolating it from the internet or shutting down the server.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This