CVE-2018-7272: AM 5.0.0, 5.1.0



Vulnerable Software

AM 5.0.0, 5.1.0


Unauthorized Access

Time Line

  • 15.12.2017 Vendor informed
  • X.01.2018  Vendor patched flaw
  • 24.01.2018 Vendor released Security Advisory


The AM from Forgerock is vulnerable to unauthorized access. The TokenIDs are sended via HTTP-GET requests, which are stored at several places like proxy-logs, local browser history and the like. This could be abused by malicious administrators.


Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.

2 Gedanken zu “CVE-2018-7272: AM 5.0.0, 5.1.0

  • Trim Pill Keto Reviews

    I’m impressed, I must say. Seldom do I come across a blog that’s both educative and amusing, and without a doubt,
    you have hit the nail on the head. The issue is something that too few men and women are speaking intelligently about.
    I’m very happy that I stumbled across this in my search for something relating to this.

  • minecraft

    It’s very trouble-free to find out any topic on net as compared to books,
    as I found this piece of writing at this website.