CVE-2021-35464CISA KEVEPSS p100.0%

CVE-2021-35464ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability

ForgeRock / Access Management (AM)

Description

ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).

Scoring

EPSS100.00% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming)1

TypeTargetConfidenceTier
KEVEntryForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerabilitykev-cve-2021-354640%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Fortinet FortiClient EMS Improper Access Control Vulnerability
CVE
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
CVE
Oracle Fusion Middleware Unspecified Vulnerability
CVE
CVE-2026-45434
CVE
CVE-2025-22256
CVE
CVE-2026-33439
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.