Free call

CVE-2018-7272: AM 5.0.0, 5.1.0

25. August 2018

CVE

CVE-2018-7272

Vulnerable software

AT 5.0.0, 5.1.0

Vulnerability

Unauthorized access

Timeline

  • 15.12.2017 Seller informs
  • X.01.2018  Manufacturer has patched vulnerability
  • 24.01.2018 Manufacturer publishes safety notice

Description

Forgerock ‘s AM is vulnerable to unauthorized access. TokenIDs are sent via HTTP GET requests that are stored in various places, such as proxy logs, local browsing history, and the like. This could be abused by malicious administrators.

Acknowledgement

Similar posts

CVE-2009-1437: RCE in CoolPlayer+ <= 2.19.6 (Windows 10 Pro)

While doing my preperation for the OSCE i found an nbsp exploit for the coolpalyer+ version 2 19 1 from [...]

Read more

19. February 2018

Vulnerability: Local Buffer Overflow in Personal FTP Server 8.0f(g)

nbsp Vulnerable software FTP server 8 0f g Vulnerability Local Buffer Overflow SEH protected gt Code Execution Time Line [...]

Weiterlesen

20. February 2018

CVE-2018-16231: Remote DoS in Personal FTP Server <= 8.4f

CVE CVE 2018 16231 Vulnerable software FTP server lt = 8 4f Vulnerability Remote denial of service Timeline 30 01 [...]

Read more

25. August 2018

HMV-01: Automatically generated screenshots

Description Screenshots of applications that are moved to the background are created for better user experience Unfortunately other apps can [...]

Weiterlesen

1. July 2019