CVE-2021-35464

⚠ KEVEPSS 94.4%

ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability

加入 CISA KEV 日:2021/11/3

描述

ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).

受影響套件(0)

OSV 沒有提供套件對應。