ACTIVELY EXPLOITED
By Lyrie Threat Intelligence·11/3/2021
CVE-2021-35464 added to CISA KEV: ForgeRock Access Management (AM)
Status: ✅ Confirmed exploited in the wild
Date added: 2021-11-03
Required action: Apply updates per vendor instructions.
Due date: 2021-11-17
Why this matters
ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the user account running AM; if AM runs as root, which the vendor does not recommend, that means code execution as root.
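Because the three affected endpoints are named explicitly, a defender reviewing web access logs can hunt for any request that reached them. The scanner below is an added example written for this page, not code from CISA, ForgeRock or Lyrie. It assumes an Apache/nginx "combined" access-log format and an AM deployment under the /openam context path (both assumptions), normalizes the request path (query string, percent-encoding and doubled slashes are removed so trivial variants are not missed), and reports every hit; the log lines are constructed samples.

```python
"""Flag access-log requests to the ForgeRock AM /ccversion/ endpoints
named in CVE-2021-35464 (added example; sample log lines are constructed)."""
import re
from collections import Counter
from typing import Dict, Iterable, List, NamedTuple
from urllib.parse import unquote, urlsplit

# The three endpoints named in the CVE-2021-35464 description. They are
# matched as path suffixes so a deployment context path (e.g. /openam,
# an assumption) in front of them still matches.
WATCHED_ENDPOINTS = (
    "/ccversion/Version",
    "/ccversion/Masthead",
    "/ccversion/ButtonFrame",
)

# Apache/nginx "combined" log format (assumed; adjust for your web tier).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


class Hit(NamedTuple):
    src: str
    time: str
    method: str
    path: str
    status: int


def normalize_path(target: str) -> str:
    """Reduce a request target to a comparable path: drop the query string and
    fragment, percent-decode, collapse repeated slashes, strip a trailing slash."""
    path = unquote(urlsplit(target).path)
    path = re.sub(r"/+", "/", path)
    if len(path) > 1 and path.endswith("/"):
        path = path[:-1]
    return path


def is_watched(path: str) -> bool:
    """True when the normalized path ends with one of the named endpoints."""
    return any(path == ep or path.endswith(ep) for ep in WATCHED_ENDPOINTS)


def scan_lines(lines: Iterable[str]) -> List[Hit]:
    """Return one Hit per request whose path reaches a watched endpoint.
    Lines that do not parse as combined-format entries are skipped."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize_path(m["target"])
        if is_watched(path):
            hits.append(Hit(m["src"], m["time"], m["method"], path, int(m["status"])))
    return hits


def hits_by_source(hits: Iterable[Hit]) -> Dict[str, int]:
    """Count hits per source address, to prioritize which hosts to look at first."""
    return dict(Counter(h.src for h in hits))


# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Nov/2021:10:15:01 +0000] "GET /openam/ccversion/Version HTTP/1.1" 200 512',
    '198.51.100.4 - - [03/Nov/2021:10:15:02 +0000] "GET /openam/XUI/ HTTP/1.1" 200 2048',
    '203.0.113.7 - - [03/Nov/2021:10:15:03 +0000] "POST /openam/ccversion//Masthead?x=1 HTTP/1.1" 500 0',
    '192.0.2.9 - - [03/Nov/2021:10:15:04 +0000] "GET /openam/ccversion/%42uttonFrame HTTP/1.1" 200 300',
    'this line is not an access-log entry and is skipped',
]

if __name__ == "__main__":
    found = scan_lines(SAMPLE_LOG)
    for h in found:
        print(f"{h.time} {h.src} {h.method} {h.path} -> {h.status}")
    print("hits per source:", hits_by_source(found))
```

Any hit is worth triage regardless of the response status: a 500 may be a failed attempt, a 200 may be the successful one, and on a patched host these endpoints should see no legitimate traffic at all.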
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.