PT-2022-11529 · Forgerock · Forgerock Access Management

Maxence Schmitt +1

Published 2022-02-14 · Updated 2022-02-23

CVE-2021-4201

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

ForgeRock Access Management versions prior to 7.1.1
ForgeRock Access Management versions 6.5 prior to 6.5.4
ForgeRock Access Management versions prior to 6.5

Description

Missing access control in ForgeRock Access Management lets a remote, unauthenticated attacker hijack existing sessions, potentially including administrator sessions. No credentials or user interaction are needed, which is what the AV:N/PR:N/UI:N vector reflects.

Recommendations

For ForgeRock Access Management versions prior to 7.1.1, update to version 7.1.1 or later.
For ForgeRock Access Management versions 6.5 prior to 6.5.4, update to version 6.5.4 or later.
For ForgeRock Access Management versions prior to 6.5, update to version 6.5 or later; note that 6.5.0 to 6.5.3 are themselves in the affected range, so 6.5.4 is the first 6.5 release that closes the issue.
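An added example (not from the advisory or from ForgeRock): a small triage helper that encodes the three affected ranges above and tells you, for each AM instance in an inventory, whether it is affected and which release to move to. The version-string handling (optional "v" prefix, extra components such as 6.5.0.2, any suffix such as "-SNAPSHOT" ignored) and the `AFFECTED` table are this example's own assumptions; the minimal safe target for pre-6.5 installs is read as 6.5.4 because the advisory also lists 6.5.0 to 6.5.3 as affected.

```python
import re

# Affected ranges as stated in the advisory: (lower bound inclusive or None,
# upper bound exclusive, minimal release to update to). Because the "prior to
# 7.1.1" and "6.5 prior to 6.5.4" statements overlap at 6.5.0-6.5.3, the
# targets below are derived from the advisory text, not quoted from it.
AFFECTED = [
    ((7, 0, 0), (7, 1, 1), "7.1.1"),  # 7.0.x and 7.1.0
    ((6, 5, 0), (6, 5, 4), "6.5.4"),  # 6.5.0 - 6.5.3
    (None,      (6, 5, 0), "6.5.4"),  # older than 6.5: "6.5 or later", first safe 6.5 is 6.5.4
]

VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)")


def parse_version(text):
    """'7.1.1', 'v6.5.0.2' or '7.0.1-SNAPSHOT' -> tuple of ints, at least three long.

    Anything after the numeric part is ignored (assumption of this example:
    a pre-release build is treated as the release it precedes, which is the
    optimistic reading; flag such hosts for manual review if that matters)."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    parts = tuple(int(p) for p in m.group(1).split("."))
    if len(parts) < 3:
        parts = parts + (0,) * (3 - len(parts))
    return parts


def assess(version_text):
    """Return (affected, update_to) for one installed AM version string.

    Tuple comparison gives lexicographic ordering, so 6.5.0.2 < 6.5.4 and
    6.5.4.1 >= 6.5.4 behave as a human reading the version numbers expects."""
    v = parse_version(version_text)
    for lower, upper, fix in AFFECTED:
        if (lower is None or v >= lower) and v < upper:
            return True, fix
    return False, None


def triage(inventory):
    """inventory: {host: version string}. Returns {host: update_to} for affected hosts only."""
    needs_update = {}
    for host, version_text in inventory.items():
        affected, fix = assess(version_text)
        if affected:
            needs_update[host] = fix
    return needs_update


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "am-prod-1": "7.1.0",
        "am-prod-2": "7.1.1",
        "am-legacy": "6.5.0.2",
        "am-test":   "v6.0.0",
    }
    for host, fix in sorted(triage(sample).items()):
        print("%-10s affected -> update to %s" % (host, fix))
```

Run against an export of your AM instances and their versions; hosts that are absent from the output are outside every affected range as the advisory states them. Anything that fails to parse raises rather than silently passing as "not affected", which is the failure mode to avoid in a patch-status check.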

Fix

Weakness Enumeration

CWE-287: Improper Authentication

CWE-284: Improper Access Control

Related Identifiers

CVE-2021-4201

Affected Products

Forgerock Access Management