AT 5.0.0, 5.1.0
- 15.12.2017 Seller informs
- X.01.2018 Manufacturer has patched vulnerability
- 24.01.2018 Manufacturer publishes safety notice
Forgerock ‘s AM is vulnerable to unauthorized access. TokenIDs are sent via HTTP GET requests that are stored in various places, such as proxy logs, local browsing history, and the like. This could be abused by malicious administrators.