A critical ForgeRock Access Management (AM) vulnerability (CVE-2021-35464) has been exploited in the wild. The issue also affects ForgeRock's OpenAM, an open-source AM solution.
According to an Australian Cyber Security Centre (ACSC) security advisory, attackers have been exploiting the ForgeRock AM/OpenAM vulnerability (CVE-2021-35464) against a number of Australian organizations. As a result, several of those organizations have been compromised.
“The ACSC has observed malicious actors exploiting the vulnerability in ForgeRock AM/OpenAM to gain initial access to networks in multiple organisations, and facilitate further access within these networks,” the ACSC wrote in the advisory on July 9.
“When exploited, the vulnerability allows Remote Code Execution (RCE) on the server through unsafe Java deserialisation in the Jato framework, which is used by both ForgeRock AM and the open-source OpenAM,” ACSC added.
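The defect the ACSC describes, unsafe Java deserialization, is a class of bug rather than something specific to ForgeRock: an ObjectInputStream that will instantiate whatever class names arrive in the byte stream lets an attacker pick the classes. The example below is added here for illustration and is not ForgeRock, OpenAM or Jato code; it shows the standard hardening for that class of bug, a JEP 290 ObjectInputFilter allowlist (available since Java 9), using constructed class names (SessionToken, UnexpectedPayload) that stand in for whatever types a real application expects or does not expect.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Constructed example type: the one class this application genuinely expects to receive.
class SessionToken implements Serializable {
    private static final long serialVersionUID = 1L;
    final String id;
    SessionToken(String id) { this.id = id; }
}

// Constructed example type standing in for any class the application never meant to deserialize.
class UnexpectedPayload implements Serializable {
    private static final long serialVersionUID = 1L;
    final String note = "not on the allowlist";
}

public class DeserializationAllowlistDemo {

    // Allowlist filter (JEP 290 pattern syntax): cap graph depth and array sizes, permit SessionToken
    // and the JDK's java.base module (String etc.), and reject every other class with the trailing "!*".
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxarray=1000;SessionToken;java.base/*;!*");

    // Helper used only to build sample input for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    // The hardened read path: the filter is installed on the stream before readObject() is called,
    // so class resolution for anything outside the allowlist fails before an instance is created.
    static Object deserializeWithAllowlist(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(ALLOWLIST);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Expected input: passes the filter and is reconstructed normally.
        SessionToken token = (SessionToken) deserializeWithAllowlist(serialize(new SessionToken("abc123")));
        System.out.println("allowed: SessionToken id=" + token.id);

        // Unexpected input: the filter rejects the class and readObject() throws InvalidClassException.
        try {
            deserializeWithAllowlist(serialize(new UnexpectedPayload()));
            System.out.println("BUG: unexpected class was deserialized");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The design point is that the allowlist is enforced by the stream itself, so it covers every code path that reads untrusted bytes, including framework code the application does not own; a process-wide default can also be set with the `jdk.serialFilter` system property for code that cannot be changed, which is the usual mitigation while a vendor patch is being scheduled.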
The vulnerability impacts AM versions 6.0.0.x and all versions of 6.5, up to and including 6.5.3, as well as older unsupported versions. The issue does not affect AM 7 and above.
The ACSC recommends that affected entities upgrade their ForgeRock AM systems to the latest version, 7 or above. ForgeRock also provided a patch for the vulnerability on July 11, 2021, with additional updates as of July 12, 2021.
Update as of July 12, 2021: This article has been updated to include the patch that was made available as of July 11, 2021.