Lucene search
K

162 matches found

VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.7 views

VulnCheck KEV: CVE-2021-35464

ForgeRock Access Management AM Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints /ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame to execute code in the context of the current user unless ForgeRock AM is running as root...

10CVSS7.6AI score0.99999EPSS
Exploits8References1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.25 views

ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability

ForgeRock Access Management AM Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints /ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame to execute code in the context of the current user unless ForgeRock AM is running as root user, whi...

10CVSS9AI score0.99999EPSS
In wildExploits8
Tenable Nessus
Tenable Nessus
added 2021/09/13 12:0 a.m.22 views

ForgeRock OpenAM LDAP Injection

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol or the password reset feature. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key. No source data...

7.5CVSS7.9AI score0.76385EPSS
Exploits5References4
CNVD
CNVD
added 2021/08/27 12:0 a.m.36 views

ForgeRock AM XML Injection Vulnerability

ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable a superior experience tailored to the unique needs of users and employees.ForgeRock Access Management AM prior to 7.0.2 versions contained an XML injection vulnerability that could be...

10CVSS4AI score0.01359EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/27 12:0 a.m.18 views

ForgeRock Access Management Licensing Issue Vulnerability

ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable a superior experience tailored to the unique needs of users and employees. versions, an authorization issue vulnerability exists that stems from an authentication bypass issue when...

9.8CVSS3.8AI score0.01194EPSS
Exploits0References1
OSV
OSV
added 2021/08/25 9:15 p.m.5 views

CVE-2021-37154

In ForgeRock Access Management AM before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion...

9.8CVSS7.3AI score0.01359EPSS
Exploits0References2
NVD
NVD
added 2021/08/25 9:15 p.m.25 views

CVE-2021-37154

In ForgeRock Access Management AM before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion...

10CVSS0.01359EPSS
Exploits0References2
NVD
NVD
added 2021/08/25 9:15 p.m.18 views

CVE-2021-37153

ForgeRock Access Management AM before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue...

9.8CVSS0.01194EPSS
Exploits0References2
OSV
OSV
added 2021/08/25 9:15 p.m.2 views

CVE-2021-37153

ForgeRock Access Management AM before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue...

9.8CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/25 9:15 p.m.2 views

CVE-2021-37153

ForgeRock Access Management AM before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue...

9.8CVSS7.2AI score0.01194EPSS
Exploits0References3
Prion
Prion
added 2021/08/25 9:15 p.m.15 views

Design/Logic Flaw

In ForgeRock Access Management AM before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion...

10CVSS9.3AI score0.01359EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/08/25 9:15 p.m.16 views

Authentication flaw

ForgeRock Access Management AM before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue...

7.5CVSS9.4AI score0.01194EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/25 8:5 p.m.22 views

CVE-2021-37153

ForgeRock Access Management AM before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue...

9.7AI score0.01194EPSS
Exploits0References2
CVE
CVE
added 2021/08/25 8:5 p.m.46 views

CVE-2021-37153

ForgeRock Access Management (AM) prior to 7.0.2 is affected when configured with Active Directory as the Identity Store. The issue is an authentication bypass that can impact confidentiality, integrity, and availability (CVSS v3.1: 9.8; base score 7.5/2.0). Concrete root cause and exploit details...

9.8CVSS9.4AI score0.01194EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/25 8:2 p.m.20 views

CVE-2021-37154

In ForgeRock Access Management AM before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion...

9.6AI score0.01359EPSS
Exploits0References2
CVE
CVE
added 2021/08/25 8:2 p.m.66 views

CVE-2021-37154

ForgeRock Access Management (AM) before 7.0.2 has a vulnerability in its SAML2 implementation that allows XML injection, potentially enabling fraudulent SAML 2.0 assertions. Affected component: AM SAML2 handling. Root cause: XML injection in SAML processing. Impact: high confidentiality, integrit...

10CVSS9.4AI score0.01359EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.6 views

ForgeRock Access Management 安全漏洞

ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable a superior experience tailored to the unique needs of users and employees.ForgeRock Access Management AM prior to 7.0.2 versions contained an XML injection vulnerability that could be...

10CVSS5.7AI score0.01359EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.7 views

ForgeRock Access Management 授权问题漏洞

ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable a superior experience tailored to the unique needs of users and employees. versions, an authorization issue vulnerability exists that stems from an authentication bypass issue when...

9.8CVSS5.6AI score0.01194EPSS
Exploits0References2
Hacker One
Hacker One
added 2021/07/27 9:42 a.m.78 views

U.S. Dept Of Defense: [CVE-2021-29156] LDAP Injection at https://██████

Description: https://█████ is vulnerable to CVE-2021-29156 References https://hackerone.com/reports/1278050 https://nvd.nist.gov/vuln/detail/CVE-2021-29156 https://portswigger.net/research/hidden-oauth-attack-vectors...

5CVSS7.8AI score0.76385EPSS
Exploits5
Hacker One
Hacker One
added 2021/07/26 2:28 p.m.101 views

U.S. Dept Of Defense: [CVE-2021-29156 on ForgeRock OpenAm] LDAP Injection in Webfinger Protocol!

Description: https://████████ is vulnerable to CVE-2021-29156. References https://nvd.nist.gov/vuln/detail/CVE-2021-29156 https://portswigger.net/research/hidden-oauth-attack-vectors...

5CVSS0.8AI score0.76385EPSS
Exploits5
Rows per page
Query Builder