Connect with us

Hi, what are you looking for?


Malware & Threats

ForgeRock AM Vulnerability Exploited in Attacks

Government agencies in the United States and Australia warn organizations that a vulnerability affecting ForgeRock Access Management has been exploited in the wild.

Government agencies in the United States and Australia warn organizations that a vulnerability affecting ForgeRock Access Management has been exploited in the wild.

Offered by identity and access management solutions provider ForgeRock, Access Management (AM) is designed to allow organizations to manage various types of digital identities. AM is based on the OpenAM open source solution, which ForgeRock sponsored until 2016.

The vulnerability discovered in ForgeRock AM, tracked as CVE-2021-35464 and rated critical, is a Java deserialization issue that can be exploited by an unauthenticated attacker for remote code execution by sending a specially crafted request to an exposed system.

In its advisory, ForgeRock said, “An attacker can use the code execution to extract credentials and certificates, or to gain a further foothold on the host by staging some kind of shell (such as the common implant Cobalt Strike).”

According to the vendor, AM versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3 are impacted, as well as AM 5.x (no longer supported), and OpenAM versions 9.x through 13.x. AM version 7 is not affected.

The flaw was discovered by Michael Stepankin, a researcher at cybersecurity firm PortSwigger. Stepankin disclosed details of the vulnerability and shared proof-of-concept (PoC) code in late June, when ForgeRock announced the availability of a patch and workarounds.

The Australian Cyber Security Centre (ACSC) warned in an alert issued on July 7, roughly one week after a patch was released, that it had identified “a number of Australian organizations” that had been breached through the exploitation of this vulnerability.

“The ACSC has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools,” the agency said.

Advertisement. Scroll to continue reading.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Monday, but it’s unclear whether the agency has also observed attacks or if the warning is based on the ACSC alert, which is referenced by CISA.

ForgeRock noted that an attacker can exploit the vulnerability to execute code in the context of the current user, which is why it has advised organizations to ensure that AM is running with minimal privileges.

“The ForgeRock AM deployment should also have suitable firewall, or security groups attached which do not allow traffic in or out of the server where not explicitly required,” the company said.

*updated to clarify that version 7 of AM is not affected; added more information on affected products; headline modified;

Related: SolarWinds Confirms New Zero-Day Flaw Under Attack

Related: GitHub Informs Users of ‘Potentially Serious’ Authentication Bug

Related: XSS Vulnerability in Cisco Security Products Exploited in the Wild

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights