CVE-2021-35464
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
⚠ KEVEPSS 94.4%
Description
ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).
How to fix CVE-2021-35464
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2021-35464 being exploited?
Yes — CVE-2021-35464 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.