Vulmon
forgerock openam vulnerabilities and exploits
CVSSv3: 9.8
CVE-2021-35464
ForgeRock AM server prior to 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the serv...
Forgerock Am
Forgerock Openam
1 Github repository
CVSSv3: 7.5
CVE-2021-29156
ForgeRock OpenAM prior to 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
Forgerock Openam
4 Github repositories
CVSSv3: 7.5
CVE-2016-10097
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote malicious users to read arbitrary files via the SAMLRequest parameter.
Forgerock Openam 10.1.0
CVSSv3: 6.1
CVE-2017-14394
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows malicious users to perform phishing via an unvalidated redirect.
Forgerock Access Management
Forgerock Openam
CVSSv3: 6.1
CVE-2017-14395
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows malicious users to execute a script in the user's browser via reflected...
Forgerock Access Management
Forgerock Openam
CVSSv3: NA
CVE-2014-7246
The Core Server in OpenAM 9.5.3 up to and including 9.5.5, 10.0.0 up to and including 10.0.2, 10.1.0-Xpress, and 11.0.0 up to and including 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafte...
Forgerock Openam 10.0.0
Forgerock Openam 10.0.1
Forgerock Openam 10.0.2
Forgerock Openam 10.1.0
Forgerock Openam 9.5.3
Forgerock Openam 9.5.5
Forgerock Openam 11.0.0
Forgerock Openam 11.0.2
Forgerock Openam 9.5.4
Forgerock Openam 11.0.1