Unrated severity · NVD Advisory · Published Feb 14, 2022 · Updated Apr 14, 2025
Pre-authentication session hijacking
CVE-2021-4201
Description
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.
Affected products
- (no CPE) range: <=7.1.0
- (no CPE) range: 7.1