What is CVE-2021-4201?

CVE-2021-4201 is a vulnerability in ForgeRock Access Management 7.1.0 and earlier versions on all platforms that allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions.

What is the severity of CVE-2021-4201?

CVE-2021-4201 has a severity rating of 9.8, which is considered critical.

What are the affected versions of ForgeRock Access Management?

The affected versions of ForgeRock Access Management include 7.1.0, 7.0.2, 7.0.1, 7.0.0, 6.5.3, 6.5.2.3, 6.5.2.2, 6.5.2.1, 6.5.2, 6.5.1, 6.5.0.2, 6.5.0.1, 6.5.0, 6.0.0.7, 6.0.0.6, 6.0.0.4, 6.0.0.3, 6.0.0.2, 6.0.0.1, and 6.0.0.

Where can I find more information about CVE-2021-4201?

You can find more information about CVE-2021-4201 at the following link: [CVE-2021-4201](https://backstage.forgerock.com/knowledge/kb/article/a50037155#x7ZPA0)

Vulnerability/
CVE-2021-4201

critical

9.8

CWE

287 284

14/2/2022

16/9/2024

CVE-2021-4201: Pre-authentication session hijacking

First published: Mon Feb 14 2022(Updated: )

Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.

Credit: psirt@forgerock.com

Affected Software	Affected Version	How to fix
ForgeRock Access Management	=5.5.2
ForgeRock Access Management	=6.0.0
ForgeRock Access Management	=6.0.0.1
ForgeRock Access Management	=6.0.0.2
ForgeRock Access Management	=6.0.0.3
ForgeRock Access Management	=6.0.0.4
ForgeRock Access Management	=6.0.0.6
ForgeRock Access Management	=6.0.0.7
ForgeRock Access Management	=6.5.0
ForgeRock Access Management	=6.5.0.1
ForgeRock Access Management	=6.5.0.2
ForgeRock Access Management	=6.5.1
ForgeRock Access Management	=6.5.2.1
ForgeRock Access Management	=6.5.2.2
ForgeRock Access Management	=6.5.2.3
ForgeRock Access Management	=6.5.3
ForgeRock Access Management	=7.0.0
ForgeRock Access Management	=7.0.1
ForgeRock Access Management	=7.0.2
ForgeRock Access Management	=7.1.0

Remedy

https://backstage.forgerock.com/knowledge/kb/article/a50037155#x7ZPA0

Remedy

This issue is fixed in AM 6.5.4, 7.1.1, and all later versions.

Never miss a vulnerability like this again

Reference Links

https://backstage.forgerock.com/knowledge/kb/article/a50037155#x7ZPA0

Frequently Asked Questions

What is CVE-2021-4201?
CVE-2021-4201 is a vulnerability in ForgeRock Access Management 7.1.0 and earlier versions on all platforms that allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions.
What is the severity of CVE-2021-4201?
CVE-2021-4201 has a severity rating of 9.8, which is considered critical.
How does CVE-2021-4201 affect ForgeRock Access Management?
CVE-2021-4201 affects ForgeRock Access Management 7.1 versions prior to 7.1.1 and 6.5 versions prior to 6.5.3.
What are the affected versions of ForgeRock Access Management?
The affected versions of ForgeRock Access Management include 7.1.0, 7.0.2, 7.0.1, 7.0.0, 6.5.3, 6.5.2.3, 6.5.2.2, 6.5.2.1, 6.5.2, 6.5.1, 6.5.0.2, 6.5.0.1, 6.5.0, 6.0.0.7, 6.0.0.6, 6.0.0.4, 6.0.0.3, 6.0.0.2, 6.0.0.1, and 6.0.0.
Where can I find more information about CVE-2021-4201?
You can find more information about CVE-2021-4201 at the following link: [CVE-2021-4201](https://backstage.forgerock.com/knowledge/kb/article/a50037155#x7ZPA0)

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
agent/references
agent/author
agent/severity
agent/remedy
agent/title
agent/description
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/forgerock
canonical/forgerock access management
version/forgerock access management/5.5.2
version/forgerock access management/6.0.0
version/forgerock access management/6.0.0.1
version/forgerock access management/6.0.0.2
version/forgerock access management/6.0.0.3
version/forgerock access management/6.0.0.4
version/forgerock access management/6.0.0.6
version/forgerock access management/6.0.0.7
version/forgerock access management/6.5.0
version/forgerock access management/6.5.0.1
version/forgerock access management/6.5.0.2
version/forgerock access management/6.5.1
version/forgerock access management/6.5.2.1
version/forgerock access management/6.5.2.2
version/forgerock access management/6.5.2.3
version/forgerock access management/6.5.3
version/forgerock access management/7.0.0
version/forgerock access management/7.0.1
version/forgerock access management/7.0.2
version/forgerock access management/7.1.0

CVE-2021-4201: Pre-authentication session hijacking

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-4201?

What is the severity of CVE-2021-4201?

How does CVE-2021-4201 affect ForgeRock Access Management?

What are the affected versions of ForgeRock Access Management?

Where can I find more information about CVE-2021-4201?

Company

Resources

Contact