ForgeRock / OpenAM Jato Java Deserialization

Up next

VMware vCenter Server Virtual SAN Health Check Remote Code Execution

This Metasploit module leverages a pre-authentication remote code execution vulnerability in the OpenAM identity and access management solution. The vulnerability arises from a Java deserialization flaw in OpenAM’s implementation of the Jato framework and can be triggered by a simple one-line GET or POST request to a vulnerable endpoint. Successful exploitation yields code execution on the target system as the service user. This vulnerability also affects the ForgeRock identity platform which is built on top of OpenAM and thus is susceptible to the same issue.

Mobile Security

Will Facebook’s End-to-End Encryption Protect Abortion-Seeking Users?

The recent abolition of the right to an abortion in the United…

Cybersdecurity RedFlag
July 6, 2022

Mobile Security

Dutch University Turns a Profit on Ransomware Payment

The Netherlands Maastricht University has announced that an extended investigation into…

Cybersdecurity RedFlag
July 6, 2022

Mobile Security

NATO Announce Plans to Develop Cyber Rapid Response Capabilities

NATO has announced plans to develop virtual rapid response capabilities “to…

Cybersdecurity RedFlag
July 5, 2022

Mobile Security

Ukrainian Authorities Arrest Phishing Gang For Embezzling 100 Million UAH

Last week, the Cyber Police of Ukraine disclosed that it apprehended nine…

Cybersdecurity RedFlag
July 5, 2022