Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forgerock am vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-37153
ForgeRock Access Management (AM) prior to 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue.
Forgerock Access Management
10
CVSSv2
CVE-2021-37154
In ForgeRock Access Management (AM) prior to 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.
Forgerock Access Management
10
CVSSv2
CVE-2021-35464
ForgeRock AM server prior to 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the serv...
Forgerock Am
Forgerock Openam
1 Github repository
5.8
CVSSv2
CVE-2017-14394
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows malicious users to perform phishing via an unvalidated redirect.
Forgerock Access Management
Forgerock Openam
4.3
CVSSv2
CVE-2017-14395
Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows malicious users to execute a script in the user's browser via reflected...
Forgerock Access Management
Forgerock Openam
4
CVSSv2
CVE-2018-7272
The REST APIs in ForgeRock AM prior to 5.5.0 include SSOToken IDs as part of the URL, which allows malicious users to obtain sensitive information by finding an ID value in a log file.
Forgerock Access Management
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2024-20360
CVE-2021-47559
XXE
CVE-2024-5229
CVE-2021-47543
CVE-2021-47571
SSTI
CVE-2024-4978
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started