ForgeRock / OpenAM Jato Java Deserialization

Posted by deepcore on July 14, 2021 – 3:16 am

This Metasploit module leverages a pre-authentication remote code execution vulnerability in the OpenAM identity and access management solution. The vulnerability arises from a Java deserialization flaw in OpenAM’s implementation of the Jato framework and can be triggered by a simple one-line GET or POST request to a vulnerable endpoint. Successful exploitation yields code execution on the target system as the service user. This vulnerability also affects the ForgeRock identity platform which is built on top of OpenAM and thus is susceptible to the same issue.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« VMware vCenter Server Virtual SAN Health Check Remote Code Execution VirTool.Win32.Afix Buffer Overflow / Code Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

ForgeRock / OpenAM Jato Java Deserialization

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL