Lucene search
+L
ForgerockAccess Management*

4 matches found

CVE
CVE
added 2021/07/22 5:10 p.m.1239 views

CVE-2021-35464

CVE-2021-35464 affects ForgeRock OpenAM/Access Management: Java deserialization in the JATO framework allows pre-auth remote code execution on ForgeRock AM Core Server when running versions prior to 7.0. An attacker can trigger RCE by sending a crafted HTTP request to endpoints like /ccversion/Ve...

10CVSS9.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2024/03/27 5:9 p.m.95 views

CVE-2023-0582

The CVE-2023-0582 entry describes an improper limitation of a pathname to a restricted directory (path traversal) in ForgeRock Access Management that enables authorization bypass. The issue affects ForgeRock Access Management versions prior to 7.3.0, prior to 7.2.1, prior to 7.1.4, and up to 7.0....

9.8CVSS8.5AI score0.0078EPSS
CVE
CVE
added 2021/08/25 8:2 p.m.66 views

CVE-2021-37154

ForgeRock Access Management (AM) before 7.0.2 has a vulnerability in its SAML2 implementation that allows XML injection, potentially enabling fraudulent SAML 2.0 assertions. Affected component: AM SAML2 handling. Root cause: XML injection in SAML processing. Impact: high confidentiality, integrit...

10CVSS9.4AI score0.01359EPSS
CVE
CVE
added 2018/02/21 12:0 a.m.46 views

CVE-2018-7272

ForgeRock AM before 5.5.0 exposes SSOToken IDs in REST API URLs, allowing attackers with access to logs to extract sensitive information. The root cause is including SSOToken identifiers in URLs, which can be retrieved from log files and reveal token values. Impact is limited to information discl...

6.5CVSS6.1AI score0.00878EPSS