Lucene search
K
ForgerockOpenam

6 matches found

CVE
CVE
added 2021/07/22 5:10 p.m.1230 views

CVE-2021-35464

CVE-2021-35464 affects ForgeRock OpenAM/Access Management: Java deserialization in the JATO framework allows pre-auth remote code execution on ForgeRock AM Core Server when running versions prior to 7.0. An attacker can trigger RCE by sending a crafted HTTP request to endpoints like /ccversion/Ve...

10CVSS9.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2019/06/19 9:22 p.m.138 views

CVE-2017-14394

The CVE-2017-14394 affects ForgeRock OpenAM (OAuth 2.0 Authorization Server) versions 13.5.0–13.5.1 and Access Management (AM) 5.0.0–5.1.1. The issue is improper validation of redirect_uri for certain invalid requests, enabling phishing via an unvalidated redirect. The provided documents do not s...

6.1CVSS6.3AI score0.00794EPSS
CVE
CVE
added 2019/06/19 9:22 p.m.136 views

CVE-2017-14395

ForgeRock Access Management (OpenAM) 13.5.0–13.5.1 and Access Management (AM) 5.0.0–5.1.1 expose a vulnerability where redirect_uri is not properly validated for some invalid requests, enabling a reflected XSS to execute in the user’s browser. This CVE (CVE-2017-14395) is described in multiple so...

6.1CVSS6.4AI score0.00793EPSS
CVE
CVE
added 2021/03/25 8:20 a.m.104 views

CVE-2021-29156

CVE-2021-29156 affects ForgeRock OpenAM (before 13.5.1). An LDAP injection vulnerability via the Webfinger protocol (and password-reset flow) allows unauthenticated attackers to perform character-by-character data extraction, potentially retrieving password hashes, session tokens, or a private ke...

7.5CVSS7.7AI score0.76385EPSS
CVE
CVE
added 2017/01/02 9:46 a.m.51 views

CVE-2016-10097

CVE-2016-10097 affects ForgeRock OpenAM - Access Management 10.1.0. An XML External Entity (XXE) vulnerability exists in the endpoint /SSOPOST/metaAlias/%realm%/idpv2, allowing remote attackers to read arbitrary files via the SAMLRequest parameter. The issue is confirmed by multiple sources in co...

7.5CVSS7.4AI score0.02454EPSS
Web
CVE
CVE
added 2014/11/14 12:0 a.m.47 views

CVE-2014-7246

The CVE-2014-7246 entry concerns OpenAM Core Server versions 9.5.3–9.5.5, 10.0.0–10.0.2, 10.1.0-Xpress, and 11.0.0–11.0.2. A denial-of-service (infinite loop) can be triggered by a crafted cookie in requests when deployed in a multi-server configuration and accessed by remote authenticated users....

3.5CVSS6.3AI score0.01067EPSS