Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forgerock openam vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2021-35464
ForgeRock AM server prior to 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the serv...
Forgerock Am
Forgerock Openam
1 Github repository
516
VMScore
CVE-2017-14394
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows malicious users to perform phishing via an unvalidated redirect.
Forgerock Access Management
Forgerock Openam
446
VMScore
CVE-2021-29156
ForgeRock OpenAM prior to 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
Forgerock Openam
4 Github repositories
445
VMScore
CVE-2016-10097
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote malicious users to read arbitrary files via the SAMLRequest parameter.
Forgerock Openam 10.1.0
383
VMScore
CVE-2017-14395
Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows malicious users to execute a script in the user's browser via reflected...
Forgerock Access Management
Forgerock Openam
312
VMScore
CVE-2014-7246
The Core Server in OpenAM 9.5.3 up to and including 9.5.5, 10.0.0 up to and including 10.0.2, 10.1.0-Xpress, and 11.0.0 up to and including 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafte...
Forgerock Openam 10.0.0
Forgerock Openam 10.0.1
Forgerock Openam 10.0.2
Forgerock Openam 10.1.0
Forgerock Openam 9.5.3
Forgerock Openam 9.5.5
Forgerock Openam 11.0.0
Forgerock Openam 11.0.2
Forgerock Openam 9.5.4
Forgerock Openam 11.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started