The REST APIs in ForgeRock AM prior to 5.5.0 include SSOToken IDs as part of the URL, which allows malicious users to obtain sensitive information by finding an ID value in a log file.
Vulnerable Product |
---|
forgerock access management |