CVE-2018-7272
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...
CVE-2021-35464
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
Deserialization of untrusted data
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
CVE-2021-35464
CVE-2021-35464 affects ForgeRock OpenAM/Access Management: Java deserialization in the JATO framework allows pre-auth remote code execution on ForgeRock AM Core Server when running versions prior to 7.0. An attacker can trigger RCE by sending a crafted HTTP request to endpoints like /ccversion/Ve...
Exploit for Deserialization of Untrusted Data in Forgerock Access_Management
openam CVE-2021-35464 Tomcat command execution with echoed output. The project is based on ysoserial https:/...
Cross-site request forgery (CSRF)
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...
CVE-2018-7272
ForgeRock AM before 5.5.0 exposes SSOToken IDs in REST API URLs, allowing attackers with access to logs to extract sensitive information. The root cause is including SSOToken identifiers in URLs, which can be retrieved from log files and reveal token values. Impact is limited to information discl...