7 July 2021
Dear ACSC Alert Service subscriber
There is active exploitation of a vulnerability in ForgeRock OpenAM (reported as CVE-2021-35464). This exploitation has been used to compromise a number of Australian organisations. We strongly recommend that organisations urgently apply the available patches or workarounds to prevent further compromise.
CVE-2021-35464 was disclosed on 23 June 2021 and affects ForgeRock OpenAM, an open-source access management solution. We have identified a number of Australian organisations that have been compromised through exploitation of this CVE.
The vulnerability allows malicious actors to execute code remotely on an affected system. We have observed actors exploiting it to compromise multiple hosts and to deploy additional malware and tools.
Additional information is available in ForgeRock Security Advisory #202104.
Mitigation
We strongly recommend that Australian organisations urgently:
- Review their systems and networks for the presence of vulnerable instances of the OpenAM software; and
- Update to OpenAM version 7 or apply the workaround identified in ForgeRock Security Advisory #202104.
If you are unable to upgrade or apply mitigations to your OpenAM instance, we recommend isolating it from the internet or shutting down the server.
Assistance
We are monitoring the situation and are able to provide assistance and advice as required.
Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).
Read this alert on the website: https://www.cyber.gov.au/acsc/view-all-content/alerts/forgerock-open-am-critical-vulnerability