The ACSC has observed active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464) against a number of Australian organisations. The ACSC strongly recommends organisations urgently apply available patches or workarounds to mitigate the risk of this vulnerability being exploited.

Alert status
HIGH

Background

CVE-2021-35464 was disclosed on 23 June 2021 and targets ForgeRock OpenAM, an open-source access management solution. The ACSC has identified a number of Australian organisations which have been compromised through exploitation of this CVE.

CVE-2021-35464 allows remote code execution, enabling malicious actors to run code of their choosing on an affected system. The ACSC has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools.

Additional information is available from ForgeRock security advisory #202104.

Mitigation

The ACSC strongly recommends that Australian organisations urgently:

  • Review their systems and networks for the presence of vulnerable instances of the OpenAM software; and
  • Update to OpenAM version 7 or apply the workaround as identified by the ForgeRock Security Advisory #202104.

If you are unable to upgrade or apply mitigations to your OpenAM instance, the ACSC recommends isolating it from the internet or shutting down the server.

Assistance

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).