#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
Get the Free Newsletter
Open Access Manager | Breaking Cybersecurity News | The Hacker News
Critical RCE Flaw in ForgeRock Access Manager Under Active Attack
Jul 13, 2021
Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The [Australian Cyber Security Centre] has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," the organization said in an alert. ACSC didn't disclose the nature of the attacks, how widespread they are, or the identities of the threat actors exploiting them. Tracked as CVE-2021-35464 , the issue concerns a pre-authentication remote code execution (RCE) vulnerability in ForgeRock Access Manager identity and access management tool, and stems from an unsafe Java deserialization in the Jato framework used by the software. "An attacker exploiting the vulnerability will execute commands in the context of the current user, not as the root user (unless ForgeRo
Befriend Your Mom with Technology
Explain cybersecurity with Moonlock
Discover Our Unparalleled Threat Detection Capabilities
Try Fidelis Elevate for 30 days and discover threats your current provider missed.
Webinar: A New Approach to Mitigating Insider Risks
Learn how you can easily mitigate the modern security risks introduced by your employees.
Advance in the Field of Cybersecurity with Georgetown
Learn cybersecurity strategies from the experts. Attend a sample class on Nov. 30.
Join 120,000+ Professionals
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.