CVE-2021-4201
high-risk
Published 2022-02-14
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.
Do I need to act?
0.91% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.6/10 (Critical); attack vector: NETWORK, attack complexity: LOW
Affected Products (20)
Access Management
Affected Vendors
55 / 100
high-risk
Severity
32/34 · Critical
Exploitability
3/34 · Minimal
Exposure
20/34 · Moderate