Lucene search
K

180 matches found

GithubExploit
GithubExploit
added 2021/07/01 3:51 a.m.356 views

Exploit for Deserialization of Untrusted Data in Forgerock Access_Management

openam CVE-2021-35464 tomcat 执行命令回显. 项目基于 ysoserialhttps:/...

10CVSS9.8AI score0.99999EPSS
Exploits8
Rapid7 Blog
Rapid7 Blog
added 2021/06/30 3:26 p.m.289 views

ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know

On June 29, 2021, security researcher Michael Stepankin @artsploit posted details of CVE-2021-35464, a pre-auth remote code execution RCE vulnerability in ForgeRock Access Manager identity and access management software. ForgeRock front-ends web applications and remote access solutions in many...

1.3AI score0.99999EPSS
Exploits8
Hacker One
Hacker One
added 2021/06/30 9:11 a.m.49 views

U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)

A vulnerability in ForgeRock OpenAM allowed unauthenticated remote code execution due to unsafe Java deserialization in the Jato framework. The vulnerability, tracked as CVE-2021-35464, could be exploited by sending a crafted request to the /openam/ccversion/Version endpoint with a malicious...

9.8CVSS9.7AI score0.99999EPSS
Exploits8
Hacker One
Hacker One
added 2021/06/30 8:58 a.m.320 views

U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)

RCE is possible thanks to unsafe Java deserialization in the Jato framework used by OpenAM. Supporting Material/References - https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 Impact An unauthenticated, 3rd-party attacker or adversary can execute remote code System...

10CVSS9.6AI score0.99999EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2021/06/30 12:0 a.m.60 views

ForgeRock OpenAM < 7.0 Remote Code Execution

ForgeRock OpenAM is a popular access management software which is used to provide single sign-on SSO features to web applications. ForgeRock OpenAM versions below 7.0 suffer from a deserialization vulnerability, allowing a remote unauthenticated attacker to perform remote code execution on the...

10CVSS10AI score0.99999EPSS
Exploits8References3
Positive Technologies
Positive Technologies
added 2021/04/06 12:0 a.m.4 views

PT-2021-9610 · Openiam · Openam

Name of the Vulnerable Software and Affected Versions: OpenIAM versions prior to 4.2.0.3 Description: The issue concerns a lack of permission verification for users attempting to perform administrative actions through the "/webconsole/rest/api/" endpoint. This means that users without proper...

8.1CVSS8.2AI score0.00876EPSS
Exploits0References4
CNVD
CNVD
added 2021/04/02 12:0 a.m.11 views

Unspecified Vulnerability in ForgeRock OpenAM

ForgeRock OpenAM is the United States ForgeRock Forgerock company's set of open source single sign-on framework SSO. The framework by providing the core identity services CoreServer to achieve a transparent single sign-on in a network architecture such as centralized , distributed single sign-on....

7.5CVSS6.8AI score0.76385EPSS
Exploits5References1
NCSC
NCSC
added 2021/03/30 12:0 a.m.3 views

Vulnerability fixed in OpenAM

A vulnerability has been fixed in OpenAM. The vulnerability allows an unauthenticated remote malicious person to use of an LDAP injection attack to obtain sensitive information. Updates have been released to fix the vulnerability. More information can be found on the page below:...

7.5CVSS7.2AI score0.76385EPSS
Exploits5
OSV
OSV
added 2021/03/25 9:15 a.m.4 views

CVE-2021-29156

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...

7.5CVSS7.1AI score0.76385EPSS
Exploits5References2
NVD
NVD
added 2021/03/25 9:15 a.m.15 views

CVE-2021-29156

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...

7.5CVSS0.76385EPSS
Exploits5References2
Prion
Prion
added 2021/03/25 9:15 a.m.18 views

Code injection

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...

5CVSS7.8AI score0.76385EPSS
Exploits5References2Affected Software1
CVE
CVE
added 2021/03/25 8:20 a.m.101 views

CVE-2021-29156

CVE-2021-29156 affects ForgeRock OpenAM (before 13.5.1). An LDAP injection vulnerability via the Webfinger protocol (and password-reset flow) allows unauthenticated attackers to perform character-by-character data extraction, potentially retrieving password hashes, session tokens, or a private ke...

7.5CVSS7.7AI score0.76385EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2021/03/25 8:20 a.m.38 views

CVE-2021-29156

ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...

8.1AI score0.76385EPSS
Exploits5References2
CNNVD
CNNVD
added 2021/03/25 12:0 a.m.6 views

Forgerock ForgeRock OpenAM 注入漏洞

ForgeRock OpenAM is the United States ForgeRock Forgerock company's set of open source single sign-on framework SSO. The framework by providing the core identity services CoreServer to achieve a transparent single sign-on in a network architecture such as centralized , distributed single sign-on....

7.5CVSS5.7AI score0.76385EPSS
Exploits5References9
Positive Technologies
Positive Technologies
added 2021/03/25 12:0 a.m.11 views

PT-2021-18117 · Forgerock · Forgerock Openam

Name of the Vulnerable Software and Affected Versions: ForgeRock OpenAM versions prior to 13.5.1 Description: The issue allows LDAP injection via the Webfinger protocol. An unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a...

7.5CVSS7.7AI score0.76385EPSS
Exploits5References10
OSV
OSV
added 2019/06/19 10:15 p.m.1 views

CVE-2017-14395

Auth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2019/06/19 10:15 p.m.11 views

CVE-2017-14394

OAuth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect...

6.1CVSS6.3AI score0.00794EPSS
Exploits0References1
OSV
OSV
added 2019/06/19 10:15 p.m.2 views

CVE-2017-14394

OAuth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect...

6.1CVSS5.8AI score0.00794EPSS
Exploits0References1
Prion
Prion
added 2019/06/19 10:15 p.m.16 views

Cross site scripting

Auth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS...

4.3CVSS6.4AI score0.00793EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2019/06/19 10:15 p.m.14 views

Authorization

OAuth 2.0 Authorization Server of ForgeRock Access Management OpenAM 13.5.0-13.5.1 and Access Management AM 5.0.0-5.1.1 does not correctly validate redirecturi for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect...

5.8CVSS6.3AI score0.00794EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder