CVE-2021-4201 — CRITICAL (9.6)

Vulnerability Description

Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Forgerock	Access Management	5.5.2

Related Weaknesses (CWE)

CWE-287 CWE-284

References

https://backstage.forgerock.com/knowledge/kb/article/a50037155#x7ZPA0PatchVendor Advisory
https://backstage.forgerock.com/knowledge/kb/article/a50037155#x7ZPA0PatchVendor Advisory

FAQ

What is CVE-2021-4201?

CVE-2021-4201 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions...

How severe is CVE-2021-4201?

CVE-2021-4201 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-4201?

Check the references section above for vendor advisories and patch information. Affected products include: Forgerock Access Management.