VYPR

AM server

by Forgerock

CVEs (1)

  • CVE-2021-35464KEVJul 22, 2021
    risk 0.29cvss epss 1.00

    ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the…