{"vulnerability": "CVE-2021-3546", "sightings": [{"uuid": "57b8762d-550d-4eb4-8c62-9ef0e76bf58a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:17.000000Z"}, {"uuid": "ac138c8e-a8a0-4889-9303-4cb1365ef2ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "5617e67b-8c14-47ee-8aad-dd81e7d7dc3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-35464.yaml", "content": "", "creation_timestamp": "2023-04-27T09:58:59.000000Z"}, {"uuid": "5bea2b89-9b37-4960-9ec9-5f73d04debb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "MISP/8d14cbdd-1761-4098-8622-dee8ad1b3ce5", "content": "", "creation_timestamp": "2024-11-14T06:09:24.000000Z"}, {"uuid": "d1c86e77-8b7f-49f7-8cab-6a32be7eb6b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971086", "content": "", "creation_timestamp": "2024-12-24T20:24:02.731649Z"}, {"uuid": "d39d7df3-abda-4260-8104-bff2ec637760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-02)", "content": "", "creation_timestamp": "2025-02-02T00:00:00.000000Z"}, {"uuid": "1e13c62c-d89f-4264-a74a-ff2422e2df7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "cd9f560e-f97d-46bc-9353-503f60242ebf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-10)", "content": "", "creation_timestamp": "2024-11-10T00:00:00.000000Z"}, {"uuid": "5771bbee-b0e3-4c82-908d-8f06a03be9e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-05)", "content": "", "creation_timestamp": "2025-02-05T00:00:00.000000Z"}, {"uuid": "79407b1b-ef0e-487e-973a-ccc7a3a59ef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2024-11-29)", "content": "", "creation_timestamp": "2024-11-29T00:00:00.000000Z"}, {"uuid": "9ad97262-4a3b-470b-83fc-f6869715f37c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-25)", "content": "", "creation_timestamp": "2025-03-25T00:00:00.000000Z"}, {"uuid": "596c7d7f-651e-4419-8908-ca4861d2b83e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-03)", "content": "", "creation_timestamp": "2025-03-03T00:00:00.000000Z"}, {"uuid": "5514a9ad-b731-4dca-ac9f-b2f501a05aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:39.000000Z"}, {"uuid": "40ff67b1-e559-41dc-969b-32724412ea77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-24)", "content": "", "creation_timestamp": "2025-07-24T00:00:00.000000Z"}, {"uuid": "1241f95d-e94f-4d24-9c41-764383abc816", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-14)", "content": "", "creation_timestamp": "2025-07-14T00:00:00.000000Z"}, {"uuid": "7380b2ae-8c3b-4d5f-9986-149357a094bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-20)", "content": "", "creation_timestamp": "2025-03-20T00:00:00.000000Z"}, {"uuid": "ddc1cd5a-336d-4a7a-b152-cddf502cffef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:56.000000Z"}, {"uuid": "aec50868-ad9b-4e31-b00d-bbfb97f15c19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-27)", "content": "", "creation_timestamp": "2025-04-27T00:00:00.000000Z"}, {"uuid": "6f042d3a-35ac-4e27-80c4-459845bd869a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-05-10)", "content": "", "creation_timestamp": "2025-05-10T00:00:00.000000Z"}, {"uuid": "f5b34e7d-56c6-43ab-ab4d-fb9918a879ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-10-15)", "content": "", "creation_timestamp": "2025-10-15T00:00:00.000000Z"}, {"uuid": "612fbe22-cde4-4379-9dc2-4a2a44248ad1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-31)", "content": "", "creation_timestamp": "2025-07-31T00:00:00.000000Z"}, {"uuid": "365d1178-fd8a-48b1-ae1a-33e9323471fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-01)", "content": "", "creation_timestamp": "2025-08-01T00:00:00.000000Z"}, {"uuid": "fce80433-b967-41de-9ba9-3e604204f536", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-08-01)", "content": "", "creation_timestamp": "2025-08-01T00:00:00.000000Z"}, {"uuid": "bb7ffc86-08b1-46e2-8bc7-5b2a81fe2809", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-09-16)", "content": "", "creation_timestamp": "2025-09-16T00:00:00.000000Z"}, {"uuid": "11cdf10c-b9fa-40dd-82cc-768145beb779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-11-20)", "content": "", "creation_timestamp": "2025-11-20T00:00:00.000000Z"}, {"uuid": "f01e2b25-ac0c-4655-922d-a9ac978f446f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-15)", "content": "", "creation_timestamp": "2025-09-15T00:00:00.000000Z"}, {"uuid": "869f0831-bd35-462d-96fd-be8f54779935", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-08-15)", "content": "", "creation_timestamp": "2025-08-15T00:00:00.000000Z"}, {"uuid": "914bb780-19d0-4475-ac9d-f84066b763a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-21)", "content": "", "creation_timestamp": "2026-02-21T00:00:00.000000Z"}, {"uuid": "61931f3e-83af-4493-9228-09803a667455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-09-26)", "content": "", "creation_timestamp": "2025-09-26T00:00:00.000000Z"}, {"uuid": "c56fb0f5-16b6-4e22-a72a-4cef0510dde1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cve_2021_35464_forgerock_openam.rb", "content": "", "creation_timestamp": "2021-07-09T22:09:37.000000Z"}, {"uuid": "8cb33316-6cfc-41d2-843d-6044e50b7f5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-05)", "content": "", "creation_timestamp": "2026-02-05T00:00:00.000000Z"}, {"uuid": "45607191-c997-49c5-a045-23f3cd1ef51b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-02-04)", "content": "", "creation_timestamp": "2026-02-04T00:00:00.000000Z"}, {"uuid": "275d0aac-12ad-4520-9272-d631cd969eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-24)", "content": "", "creation_timestamp": "2026-03-24T00:00:00.000000Z"}, {"uuid": "7da71624-50c2-43c2-a6b9-fb0f9ed8d1ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-16)", "content": "", "creation_timestamp": "2026-03-16T00:00:00.000000Z"}, {"uuid": "36b10755-ed96-47c6-8ee9-590ba8e2dee1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/66c21dac-31a1-4d9a-adbb-50968c33d311", "content": "", "creation_timestamp": "2026-02-02T12:28:43.862916Z"}, {"uuid": "b0287740-b3d0-413c-be4d-512018e74feb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-01-26)", "content": "", "creation_timestamp": "2026-01-26T00:00:00.000000Z"}, {"uuid": "b4e2fe86-3a26-4a4b-a976-318d2e9c0b54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-remote-code-execution-vulnerability-openam-can-be-exploited-fully-compromise", "content": "", "creation_timestamp": "2026-04-08T23:35:41.000000Z"}, {"uuid": "249cd6b5-75ef-4209-9281-677669c79e06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/rce/cve202135464", "content": "", "creation_timestamp": "2021-10-07T17:50:52.000000Z"}, {"uuid": "04e62453-35bf-426b-8d43-af5111cf7547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "https://www.acn.gov.it/portale/w/openidentityplatform-rilevato-sfruttamento-della-cve-2026-33439", "content": "", "creation_timestamp": "2026-04-13T07:31:02.000000Z"}, {"uuid": "3abf98ef-dd8f-451d-96ad-a565d38bd70e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/49", "content": "Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)\n\ud83d\udc64 by Michael Stepankin aka @artsploit\n\nThe story of discovering and exploiting a java deserialization vulnerability leading to RCE in ForgeRock OpenAM.\n\nPoC: GET /openam/oauth2/..;/ccversion/Version?jato.pageSession=[serialized_object]\n\n\ud83d\udcdd Contents:\n \u2022 The Story\n \u2022 Obtaining Code &amp; Decompiling\n \u2022 Source code analysis\n \u2022 Jato\n \u2022 Testing on bug bounty (and failing)\n \u2022 Building a custom gadget chain\n \u2022 Let's get this bread\n \u2022 The patch\n \u2022 Key takeaways\n\nhttps://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464", "creation_timestamp": "2021-06-29T13:17:30.000000Z"}, {"uuid": "32e29118-ed72-4780-ab41-adf38c1c1f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "https://t.me/arpsyndicate/841", "content": "#ExploitObserverAlert\n\nCVE-2021-35464\n\nDESCRIPTION: Exploit Observer has 28 entries related to CVE-2021-35464. ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier\n\nFIRST-EPSS: 0.973910000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-01T08:01:06.000000Z"}, {"uuid": "f28cfc18-ce58-4076-bfb9-9d1789498fff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "https://t.me/ctinow/37771", "content": "U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)\n\nhttps://ift.tt/3f8qlsY", "creation_timestamp": "2021-07-29T23:01:40.000000Z"}, {"uuid": "8db94ddc-7870-47cd-9ac1-93dd54abeaff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "https://t.me/ctinow/37770", "content": "U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)\n\nhttps://ift.tt/3rJvCww", "creation_timestamp": "2021-07-29T23:01:39.000000Z"}, {"uuid": "cf426ce2-4c1c-46ec-bf08-e0d7bcc01d04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "Telegram/1aD0se4pHpvAWQ071J1ewz0xW9SRZEKkJBYCKa3YEF-WRfg", "content": "", "creation_timestamp": "2023-10-15T19:23:35.000000Z"}, {"uuid": "f4a9f94e-9b38-429b-b9ed-39a84ca6eb19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "exploited", "source": "https://t.me/true_secator/3791", "content": "Crowdstrike \u0440\u0430\u0441\u043a\u0440\u044b\u043b\u0438 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044e, \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0444\u0438\u043d\u0430\u043d\u0441\u043e\u0432\u043e \u043c\u043e\u0442\u0438\u0432\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0432\u0437\u043b\u0430\u043c\u044b\u0432\u0430\u0435\u0442 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0443\u0441\u043b\u0443\u0433 \u0438 \u0444\u0438\u0440\u043c, \u0437\u0430\u043d\u0438\u043c\u0430\u044e\u0449\u0438\u0445\u0441\u044f \u0430\u0443\u0442\u0441\u043e\u0440\u0441\u0438\u043d\u0433\u043e\u043c \u0431\u0438\u0437\u043d\u0435\u0441-\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0432, \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u0440\u043e\u0442\u0438\u0432\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044f \u0440\u0435\u0448\u0435\u043d\u0438\u044f\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0437\u0430\u0449\u0438\u0442\u043d\u044b\u043c \u043c\u0435\u0440\u0430\u043c \u0434\u043b\u044f \u0443\u043a\u043b\u043e\u043d\u0435\u043d\u0438\u044f \u043e\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u043e\u0441\u0442\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0441\u043c\u043e\u0433\u043b\u0438 \u0432\u044b\u044f\u0432\u0438\u0442\u044c \u043f\u044f\u0442\u044c \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439, \u043d\u0430\u0447\u0430\u0432\u0448\u0438\u0445\u0441\u044f \u0441 \u0438\u044e\u043d\u044f 2022 \u0433\u043e\u0434\u0430. \u0410\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u0433\u0440\u0443\u043f\u043f\u0435 Scattered Spider.\n\n\u041a\u043e\u043d\u0435\u0447\u043d\u0430\u044f \u0446\u0435\u043b\u044c \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438 \u2014 \u0432\u0437\u043b\u043e\u043c \u0442\u0435\u043b\u0435\u043a\u043e\u043c\u043c\u0443\u043d\u0438\u043a\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0431 \u0430\u0431\u043e\u043d\u0435\u043d\u0442\u0430\u0445 \u0434\u043b\u044f \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u044f\u0446\u0438\u0438 \u0441 SIM-\u043a\u0430\u0440\u0442\u0430\u043c\u0438, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438\u0445 \u043f\u043e\u0434\u043c\u0435\u043d\u0443.\n\n\u041f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u043c \u0441\u0435\u0442\u044f\u043c \u0440\u0435\u0430\u043b\u0438\u0437\u0443\u0435\u0442\u0441\u044f \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0442\u0430\u043a\u0442\u0438\u043a \u0441\u043e\u0446\u0438\u043d\u0436\u0435\u043d\u0435\u0440\u0438\u0438.\n\n\u041e\u043d\u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0432 \u0441\u0435\u0431\u044f \u0437\u0432\u043e\u043d\u043a\u0438 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u0430\u043c \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0418\u0422-\u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432 \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u0430 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0438\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 Telegram \u0438 SMS \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0446\u0435\u043b\u0435\u0439 \u043d\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0435 \u0444\u0438\u0448\u0438\u043d\u0433\u043e\u0432\u044b\u0435 \u0441\u0430\u0439\u0442\u044b.\n\n\u0412 \u0440\u044f\u0434\u0435 \u0441\u043b\u0443\u0447\u0430\u0435\u0432 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u00a0CVE-2021-35464, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 ForgeRock AM,\u00a0\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2021\u00a0\u0433\u043e\u0434\u0430, \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043a\u043e\u0434\u0430 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043d\u0430 AWS.\n\n\u041a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u043f\u043e\u043b\u0443\u0447\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u043e\u043d\u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u043b\u0438 \u0441\u0432\u043e\u0438 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0432 \u0441\u043f\u0438\u0441\u043e\u043a \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0434\u043b\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0433\u043e \u043e\u0431\u0445\u043e\u0434\u0430 MFA, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u0443\u044e \u0443\u0447\u0435\u0442\u043d\u0443\u044e \u0437\u0430\u043f\u0438\u0441\u044c.\n\nCrowdstrike \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0438\u0435 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0432 \u0441\u0432\u043e\u0438\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0443\u0442\u0438\u043b\u0438\u0442 \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 RMM, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a: AnyDesk, BeAnywhere, Domotz, DWservice, Fixme.it, Fleetdeck.io, Itarian Endpoint Manager, Level.io, Logmein, ManageEngine, N-Able, Pulseway, Rport, Rsocx, ScreenConnect, SSH RevShell and RDP Tunnelling via SSH, Teamviewer, TrendMicro Basecamp, Sorillus \u0438 ZeroTier.\n\n\u041c\u043d\u043e\u0433\u0438\u0435 \u0438\u0437 \u0432\u044b\u0448\u0435\u043f\u0435\u0440\u0435\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u043c\u0438 \u0438, \u043a\u0430\u043a \u043f\u0440\u0430\u0432\u0438\u043b\u043e, \u043d\u0435 \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0439 \u0432 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\u0445 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438.\n\n\u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0442\u043e, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043f\u044b\u0442\u0430\u043b\u0438\u0441\u044c \u0441\u043e\u0445\u0440\u0430\u043d\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0442\u0438 \u0434\u0430\u0436\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f. \u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u043b\u0438 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u043e\u0441\u0442\u0438, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 \u0434\u043e\u0441\u0442\u0443\u043f \u043a VPN \u0438/\u0438\u043b\u0438 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 RMM.\n\n\u0412\u043e \u0432\u0441\u0435\u0445 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u044f\u0445 \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 VPN \u0438 \u0442\u043e\u0447\u043a\u0438 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u043e\u0432 \u0434\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0441\u0440\u0435\u0434\u0435 Google Workspace \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u0432\u0448\u0435\u0439 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438.\n\n\u0414\u043b\u044f \u0433\u043e\u0440\u0438\u0437\u043e\u043d\u0442\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u043b\u0438 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0442\u0438\u043f\u044b \u0440\u0430\u0437\u0432\u0435\u0434\u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u043b\u0438 \u0441\u043f\u0438\u0441\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438\u0437 \u0432\u0437\u043b\u043e\u043c\u0430\u043d\u043d\u044b\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432, \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u043b\u0438 WMI, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u043b\u0438 \u0442\u0443\u043d\u043d\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 SSH \u0438 \u0440\u0435\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u044e \u0434\u043e\u043c\u0435\u043d\u0430.\n\nCrowdstrike \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043e\u0431\u0448\u0438\u0440\u043d\u044b\u043c \u0441\u043f\u0438\u0441\u043a\u043e\u043c \u0438\u043d\u0434\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u0432 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 (IoC) \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0445 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.", "creation_timestamp": "2022-12-06T16:05:07.000000Z"}, {"uuid": "01576a3e-63e3-46e5-9405-37f7e416e1f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35465", "type": "seen", "source": "https://t.me/cibsecurity/27697", "content": "\u203c CVE-2021-35465 \u203c\n\nCertain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM instruction. A Non-secure handler may have read or write access to part of a Secure context. This affects Arm Cortex-M33 r0p0 through r1p0, Arm Cortex-M35P r0, Arm Cortex-M55 r0p0 through r1p0, and Arm China STAR-MC1 (in the STAR SE configuration).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-23T16:23:16.000000Z"}, {"uuid": "e25dc961-547f-4a7c-bbcd-0d25a6c16f9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3729", "content": "#Threat_Research\n1. An EPYC escape:\nCase-study of a KVM breakout (PoC for CVE-2021-29657)\nhttps://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html\n2. Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)\nhttps://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464\n]-&gt; https://github.com/Y4er/openam-CVE-2021-35464", "creation_timestamp": "2022-12-16T07:26:08.000000Z"}, {"uuid": "b5d8da02-fc48-412d-bee9-81e213d5442c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35463", "type": "seen", "source": "https://t.me/cibsecurity/26807", "content": "\u203c CVE-2021-35463 \u203c\n\nCross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-04T19:24:21.000000Z"}, {"uuid": "9c8a9b54-a55a-47d0-97f7-712fef6fdb5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-35464", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/730", "content": "CVE-2021-35464 ForgeRock OpenAM RCE\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-35464_ForgeRock_OpenAM_RCE%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T04:42:20.000000Z"}]}