CVE-2018-7272: AM 5.0.0, 5.1.0

25. August 2018

CVE

CVE-2018-7272

Vulnerable software

AM 5.0.0, 5.1.0

Vulnerability

Unauthorized access

Timeline

  • 15.12.2017 Vendor informed
  • X.01.2018  Vendor has patched the vulnerability
  • 24.01.2018 Vendor publishes security advisory

Description

ForgeRock's AM is vulnerable to unauthorized access. Session TokenIDs are sent in HTTP GET requests, so they end up wherever full URLs are recorded, such as proxy logs and the local browser history. Anyone who can read those stores, for example a malicious administrator, can pick up a still-valid token and reuse the session it belongs to.
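The exposure described above, as an added example that is not part of the original advisory and not ForgeRock code: a small Python scan over constructed proxy log lines (Apache combined format) that flags requests carrying a session token in the query string, plus the log-hygiene counterpart that strips such values before a line is written. The parameter names `tokenId` and `iPlanetDirectoryPro` are assumptions for the example; the advisory only states that TokenIDs travel in GET requests.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameter names treated as session-token carriers. These names are
# assumptions for the example; the advisory only states that TokenIDs travel
# in HTTP GET requests.
TOKEN_PARAMS = {"tokenid", "iplanetdirectorypro"}

# Apache "combined" access-log format, the shape many reverse proxies write.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic): one GET leaks a token in
# the query string, the other two do not.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Dec/2017:10:01:02 +0100] "GET /openam/json/sessions?_action=validate&tokenId=AQIC5wM2LY4SfczEXAMPLETOKEN0123 HTTP/1.1" 200 123 "-" "curl/7.58"
10.0.0.7 - - [15/Dec/2017:10:01:05 +0100] "POST /openam/json/authenticate HTTP/1.1" 200 456 "-" "Mozilla/5.0"
10.0.0.9 - - [15/Dec/2017:10:01:09 +0100] "GET /openam/json/users?_queryId=* HTTP/1.1" 200 789 "-" "Mozilla/5.0"
"""


def redact(value, keep=6):
    """Keep a short prefix so a finding can be correlated, drop the rest."""
    return value[:keep] + "..." if len(value) > keep else "*" * len(value)


def find_token_leaks(log_text):
    """Return one finding per request whose query string carries a token."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real scanner would count these
        target = urlsplit(m.group("target"))
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name.lower() in TOKEN_PARAMS and value:
                findings.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "method": m.group("method"),
                    "path": target.path,
                    "param": name,
                    "token": redact(value),
                })
    return findings


def scrub_target(target):
    """Log-hygiene counterpart: rewrite a request target so token values are
    never written to disk. This only limits the damage on the logging side;
    the fix for the CVE itself is to stop sending the token in the URL."""
    parts = urlsplit(target)
    cleaned = [
        (name, "REDACTED" if name.lower() in TOKEN_PARAMS else value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


if __name__ == "__main__":
    for f in find_token_leaks(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['method']} {f['path']} "
              f"param={f['param']} token={f['token']}")
    print(scrub_target("/openam/json/sessions?_action=validate&tokenId=AQIC5wSECRET"))
```

Run against a real proxy or web-server log, the scan gives a quick answer to "have session tokens already landed in our logs, and from which clients"; the redacted prefix is enough to correlate with the session store without copying the secret into yet another file.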

Acknowledgement
