CVE-2021-35464: ForgeRock Access Management (AM) Core Server Remote Code
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability. ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).
- CISA KEV-listed (remediation due 2021-11-17)
- used in ransomware campaigns
- EPSS 94.4% (100.0% percentile)