CVE-2021-4201
9.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ForgeRock | Access Management | 7.1 < 7.1.1 | affected |
| ForgeRock | Access Management | 6.5 < 6.5.4 | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
Workarounds
Block access to the following endpoints: /authservice /sessionservice /profileservice /policyservice /namingservice /loggingservice
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.