Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forgerock openam vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2021-35464
ForgeRock AM server prior to 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the serv...
Forgerock Am
Forgerock Openam
1 Metasploit module
1 Github repository
446
VMScore
CVE-2021-29156
ForgeRock OpenAM prior to 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
Forgerock Openam
4 Github repositories
516
VMScore
CVE-2017-14394
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows malicious users to perform phishing via an unvalidated redirect.
Forgerock Access Management
Forgerock Openam
383
VMScore
CVE-2017-14395
Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows malicious users to execute a script in the user's browser via reflected...
Forgerock Access Management
Forgerock Openam
445
VMScore
CVE-2016-10097
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote malicious users to read arbitrary files via the SAMLRequest parameter.
Forgerock Openam 10.1.0
312
VMScore
CVE-2014-7246
The Core Server in OpenAM 9.5.3 up to and including 9.5.5, 10.0.0 up to and including 10.0.2, 10.1.0-Xpress, and 11.0.0 up to and including 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafte...
Forgerock Openam 10.0.0
Forgerock Openam 10.0.1
Forgerock Openam 10.0.2
Forgerock Openam 10.1.0
Forgerock Openam 9.5.3
Forgerock Openam 9.5.5
Forgerock Openam 11.0.0
Forgerock Openam 11.0.2
Forgerock Openam 9.5.4
Forgerock Openam 11.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started