Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-35464

KEV · Ransomware EPSS 94.39% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-35464

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ForgeRock AM 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ForgeRock AM是一个开源的访问管理、权限控制平台,在大学、社会组织中存在广泛的应用。 ForgeRock AM存在代码问题漏洞,未经身份验证的攻击者可以通过构造特殊的请求远程执行任意代码,并接管运行ForgeRockAM的服务器。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2021-35464

#POC DescriptionSource LinkShenlong Link
1openam-CVE-2021-35464 tomcat 执行命令回显https://github.com/Y4er/openam-CVE-2021-35464POC Details
2Nonehttps://github.com/rood8008/CVE-2021-35464POC Details
3ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-35464.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-35464

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-07-22 · 58 CVEs total

CVE-2021-36222MIT Kerberos 代码问题漏洞
CVE-2020-22284lwip 安全漏洞
CVE-2021-34261STMicroelectronics STM32Cube 安全漏洞
CVE-2021-34260STMicroelectronics STM32Cube 缓冲区错误漏洞
CVE-2021-34259STMicroelectronics STM32Cube Middleware 安全漏洞
CVE-2021-34262STMicroelectronics STM32Cube 缓冲区错误漏洞
CVE-2021-26224SourceCodester Fantastic-Blog-CMS 跨站脚本漏洞
CVE-2021-26223CASAP Automated Enrollment SQL注入漏洞
CVE-2021-33032EQ-3 eQ-3 HomeMatic CCU2 和 CCU3 操作系统命令注入漏洞
CVE-2020-36033Sourcecodester SourceCodester Water Billing System SQL注入漏洞
CVE-2021-27332CASAP Automated Enrollment 跨站脚本漏洞
CVE-2021-25197SourceCodester Content Management System 跨站脚本漏洞
CVE-2015-2098WebGate eDVR Manager 缓冲区溢出漏洞
CVE-2015-2099webgateinc WebGate Control Center 缓冲区溢出漏洞
CVE-2021-25202Bakeshop Inventory System SQL注入漏洞
CVE-2015-2100webgateinc WebGate Control Center 缓冲区错误漏洞
CVE-2021-26226CASAP Automated Enrollment SQL注入漏洞
CVE-2021-35063Suricata 安全漏洞
CVE-2021-33478Broadcom Media exChange 缓冲区错误漏洞
CVE-2021-26227CASAP Automated Enrollment 跨站脚本漏洞

Showing top 20 of 58 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2021-35464

No comments yet

Leave a comment