CVE STALKER

CVE-2021-35464

CVSS
DESCRIPTION: ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/Version request to the server. The vulnerability exists due to incorrect usage of Sun ONE Application Framework (JATO).
HEAT SCORE: 470

TWEETS

DATE | TWEETS | USER
2021-07-24 05:10:16 | New post from https://t.co/uXvPWJy6tj (CVE-2021-35464) has been published on https://t.co/zM0dY7UKuj http://www.sesin.at https://www.sesin.at/2021/07/24/cve-2021-35464/ | WolfgangSesin
2021-07-24 05:10:12 | New post from https://t.co/9KYxtdZjkl (CVE-2021-35464) has been published on https://t.co/iGk0caysCD http://www.sesin.at https://www.sesin.at/2021/07/24/cve-2021-35464/ | www_sesin_at
2021-07-23 00:10:07 | NA - CVE-2021-35464 - ForgeRock AM server 6.x before 7, and OpenAM... (Latest articles about Ongoing threats) https://t.co/4U01oikU7w https://www.security-database.com/detail.php?alert=CVE-2021-35464&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Last100Alerts+%28Security-Database+Alerts+Monitor+%3A+Last+100+Alerts%29 | Bobe_bot
2021-07-22 23:00:20 | CVE-2021-35464 is called Unhedged Hippopotamus https://t.co/sjRtdjkpoP https://nvd.nist.gov/vuln/detail/CVE-2021-35464 | vulnonym
2021-07-22 18:50:25 | CVE-2021-35464 ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in the… https://t.co/7w0FjXFXTx https://twitter.com/i/web/status/1418281035817754633 | CVEnew
2021-07-22 18:20:16 | CVE-2021-35464 : ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in t… https://t.co/hGF43KqmJ4 https://twitter.com/i/web/status/1418272178181660676 | CVEreport
2021-07-20 09:20:04 | another entrypoint to exploit this vulnerability 😌 /ccversion/ButtonFrame /ccversion/Masthead CVE-2021-35464 https://t.co/MmKLxdTCBN | Wayc0de
2021-07-19 15:40:03 | The VULN in question is CVE-2021-35464, which allows an attacker to perform a Remote Code Execution (RCE) on affect… https://t.co/9eY8z65I7l https://twitter.com/i/web/status/1417146941301985282 | Chi_from_afar
2021-07-15 12:40:11 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) https://t.co/9ycglzXsds https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | autumn_good_35
2021-07-14 21:40:08 | Finally! Now I can sleep soundly 😌 Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) https://t.co/sYGIt30nvZ | Wayc0de
2021-07-14 16:41:03 | https://t.co/3jZr0t87JI The vulnerability (CVE-2021-35464) allows attackers to execute commands in the context of… https://t.co/f9BgHJUAwe https://cyberthreatintelligence.com/news/hackers-exploit-new-vulnerability-the-forgerock-access/ https://twitter.com/i/web/status/1415345584437825536 | CTI_Alerts
2021-07-14 09:30:07 | Beside the active exploitation of CVE-2021-35464, Here is another view of the Pre-Auth RCE in ForgeRock AM => https://t.co/VQbHRIeALD https://link.medium.com/iuhew6zIShb | testanull
2021-07-14 08:50:09 | US and Australian #cybersecurity agencies are warning of an actively exploited RCE #vulnerability (CVE-2021-35464)… https://t.co/MaWZW3URW3 https://twitter.com/i/web/status/1415230274045194240 | Edsondnt
2021-07-14 03:10:14 | Deserialization in jato framework used by forgerock CVE-2021-35464 https://t.co/9BqjqhOoYg https://thehackernews.com/2021/07/critical-rce-flaw-in-forgerock-access.html | r00tpgp
2021-07-14 02:01:27 | ⚠️ Critical vulnerability in ForgeRock Access Management (CVE-2021-35464) 🇺🇸 84% of US organizations suffered a phishing or ransomware attack last year 🚨 Posing as Adobe's online PDF service, phi… https://t.co/9OIxs6gjhz https://twitter.com/i/web/status/1415127609667559426 | MachinaRecord
2021-07-13 22:21:28 | US and Australian cybersecurity agencies are warning of an actively exploited RCE vulnerability (CVE-2021-35464) in… https://t.co/WEiDqjNAKe https://twitter.com/i/web/status/1415071893258866691 | MOQdigital
2021-07-13 21:30:13 | Big +1 to @ForgeRock for publishing details for defense (see Technical Impact Assessment CVE-2021-35464 from… https://t.co/Af5MvV8PdW https://twitter.com/i/web/status/1415060683935391752 | zmanion
2021-07-13 09:40:39 | US and Australian #cybersecurity agencies are warning of an actively exploited RCE #vulnerability (CVE-2021-35464)… https://t.co/90fQUZKbEx https://twitter.com/i/web/status/1414879801710628864 | security_wang
2021-07-13 09:12:37 | Hackers are exploiting a new vulnerability in the ForgeRock Access Management platform The vulnerability (CVE-2021-35464) allows… https://t.co/xEnRb7OVxz https://twitter.com/i/web/status/1414873571848036354 | texnopluz
2021-07-13 06:20:36 | US and Australian #cybersecurity agencies are warning of an actively exploited RCE #vulnerability (CVE-2021-35464)… https://t.co/rFynSjxKzX https://twitter.com/i/web/status/1414830709433409538 | unix_root
2021-07-13 05:00:44 | US and Australian #cybersecurity agencies are warning of an actively exploited RCE #vulnerability (CVE-2021-35464)… https://t.co/PdfiWfwRdx https://twitter.com/i/web/status/1414809667717324807 | TheHackersNews
2021-07-13 05:00:35 | US and Australian #cybersecurity agencies are warning of an actively exploited RCE #vulnerability (CVE-2021-35464)… https://t.co/EFpZm4IrNf https://twitter.com/i/web/status/1414809872152113152 | Swati_THN
2021-07-13 05:00:34 | US and Australian #cybersecurity agencies are warning of an actively exploited RCE #vulnerability (CVE-2021-35464)… https://t.co/nTzj5aaPRZ https://twitter.com/i/web/status/1414809907799289862 | Cybernews24h
2021-07-13 05:00:13 | "US and Australian #cybersecurity agencies are warning of an actively exploited RCE #vulnerability (CVE-2021-35464)… https://t.co/g3G6gBJrFT https://twitter.com/i/web/status/1414811171769683970 | trip_elix
2021-07-13 00:00:11 | ForgeRock AM CVE-2021-35464 analysis c/o the singular @wvuuuuuuuuuuuuu—deserialization bug arises from a vulnerable… https://t.co/JRZ7BO7Rt9 https://twitter.com/i/web/status/1414734748795109378 | catc0n
2021-07-12 19:00:08 | ACSC: Australian organizations compromised through ForgeRock vulnerability Vulnerability is CVE-2021-35464, a pre-… https://t.co/w0uAVvytXZ https://twitter.com/i/web/status/1414660767882878984 | campuscodi
2021-07-12 18:00:07 | Critical ForgeRock Access Management vulnerability (CVE-2021-35464) exploited https://t.co/XwD8fwBFbC… https://t.co/Z3qIFjxpf8 https://buff.ly/3xGW7Vy https://twitter.com/i/web/status/1414643248807690251 | securezoo
2021-07-06 15:10:44 | https://t.co/xxNHwIMn8U Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) - The Daily Swig. https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | eagerbeavertech
2021-07-06 07:40:05 | #cve New vulnerability: ForgeRock AM RCE (CVE-2021-35464) (RedTeam version) More Vulnerabilities,… https://t.co/XfgYALss2l https://twitter.com/i/web/status/1412314664302743555 | goby77463399
2021-07-05 19:00:34 | P1 solved ! #openam #CVE-2021-35464 #bugcrowd #bugbountytips #BugBounty https://t.co/eNJ9oYPPSY | PhilippeDelteil
2021-07-05 05:50:06 | Arbitrary code execution issue in OSSTech OpenAM (CVE-2021-35464) [39400] https://t.co/6ywonlKJrF #SIDfm #脆弱性情報 https://sid.softek.jp/content/show/39400 | softek_jp
2021-07-03 16:10:29 | #Learn365 Day-184: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) Blog by @artsploit : https://t.co/vQF9ArGydl https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | harshbothra_
2021-07-02 04:20:09 | Just found a RCE (CVE-2021-35464) on a bank #bugbountytips #bugbounty | PhilippeDelteil
2021-07-01 05:00:16 | ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know https://t.co/J2IcWlDpVz https://blog.rapid7.com/2021/06/30/forgerock-openam-pre-auth-remote-code-execution-vulnerability-what-you-need-to-know/ | MathWebEntry
2021-07-01 04:36:13 | CVE-2021-35464 openam CVE-2021-35464 tomcat command execution with echoed output. The project is built on ysoserial and Java-Rce-Echo...… https://t.co/gR9forkTPi https://twitter.com/i/web/status/1410455130164584448 | VulmonFeeds
2021-07-01 03:10:38 | CVE-2021-35464 ForgeRock OpenAM RCE vulnerability https://t.co/Jrlgg5fS97 https://www.pwnwiki.org/index.php?title=CVE-2021-35464_ForgeRock_OpenAM_RCE%E6%BC%8F%E6%B4%9E | pwnwikiorg
2021-07-01 03:01:16 | #cve New vulnerability: ForgeRock AM RCE (CVE-2021-35464) (RedTeam version) More Vulnerabilities,… https://t.co/S0upCP16RG https://twitter.com/i/web/status/1410431167283621889 | goby77463399
2021-06-30 21:12:34 | What an awesome find and a great write-up by @artsploit on Pre-auth #RCE in ForgeRock OpenAM (CVE-2021-35464). A mu… https://t.co/EpdOJjkc2s https://twitter.com/i/web/status/1410344604944191496 | securestep9
2021-06-30 17:42:51 | Rapid 7 - ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You N… https://t.co/mQ0lkypsDu https://twitter.com/i/web/status/1410290487664300040 | buzz_sec
2021-06-30 15:47:31 | Rapid7 Blog | ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What Y… https://t.co/ECTo1YvZ88 https://twitter.com/i/web/status/1410259429866426377 | StopMalvertisin
2021-06-30 12:00:29 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) https://t.co/e7ZpSfeGyz #cyber https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | ellenke64965894
2021-06-30 11:51:40 | https://t.co/FauWHGyg1b Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) | PortSwigger Research #cybersecurity https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | netsecu
2021-06-30 11:30:07 | CVE-2021-35464: ForgeRock AM remote code execution vulnerability: ForgeRock AM is open-source access management and… https://t.co/s90Z3FF5SR https://twitter.com/i/web/status/1410198217170374661 | morodog
2021-06-30 10:00:08 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) https://t.co/yqbj31gl3M #Pentesting #RCE #CVE #CyberSecurity… https://t.co/oJLHjE8ssH https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 https://twitter.com/i/web/status/1410175977733464069 | ptracesecurity
2021-06-30 08:10:14 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) | PortSwigger Research https://t.co/eBuLUOX6bb https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | Securityblog
2021-06-30 07:30:21 | #News CVE-2021-35464: ForgeRock AM remote code execution vulnerability: ForgeRock AM is open-source access manageme… https://t.co/pDF7wkeh2n https://twitter.com/i/web/status/1410137310532755459 | morodog
2021-06-30 06:50:09 | CVE-2021-35464: ForgeRock AM remote code execution vulnerability https://t.co/2y4IcTaAZp #info #news #tech https://meterpreter.org/cve-2021-35464-forgerock-am-remote-code-execution-vulnerability/ | the_yellow_fall
2021-06-29 19:30:07 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) https://t.co/IRj8wgaVLl #ForgeRock #RCE #CVE https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | axcheron
2021-06-29 17:20:04 | Top story: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) | PortSwigger Research https://t.co/4KEKJhipIA, see mo… https://t.co/n7hE5HvMH2 https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 https://twitter.com/i/web/status/1409924161770754048 | infowaropcenter
2021-06-29 13:00:13 | New post: "Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)" https://t.co/D2FnpuCZdk https://ift.tt/3dq0V9k | Myinfosecfeed
2021-06-29 12:30:08 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) https://t.co/8wLMgg16fY https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | experiencia_T
2021-06-29 12:30:07 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) via /r/netsec https://t.co/qg2XvGKNye #cybersecurity #netsec #news https://ift.tt/35Zy8EB | CybrXx0
2021-06-29 12:00:15 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) ... more info here https://t.co/O5aIlwImYP https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | FINSIN_CL
2021-06-29 11:50:14 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) https://t.co/lFNKpzgGUu https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | _r_netsec
2021-06-29 11:40:18 | Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464) by @artsploit https://t.co/Fe1zr2PrSJ #exploit #bugbounty https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 | PortSwiggerRes