Free call

CVE-2018-7272: AM 5.0.0, 5.1.0

25. August 2018

CVE

CVE-2018-7272

Vulnerable software

AT 5.0.0, 5.1.0

Vulnerability

Unauthorized access

Timeline

  • 15.12.2017 Seller informs
  • X.01.2018  Manufacturer has patched vulnerability
  • 24.01.2018 Manufacturer publishes safety notice

Description

Forgerock ‘s AM is vulnerable to unauthorized access. TokenIDs are sent via HTTP GET requests that are stored in various places, such as proxy logs, local browsing history, and the like. This could be abused by malicious administrators.

Acknowledgement

Similar posts

CVE-2009-1437: RCE in CoolPlayer+ <= 2.19.6 (Windows 10 Pro)

While doing my preperation for the OSCE i found an exploit for the coolpalyer+ version 2.19.1 from 2009. I decided to [...]

Read more

19. February 2018

Vulnerability: Local Buffer Overflow in Personal FTP Server 8.0f(g)

  Vulnerable software FTP server 8.0f(g) Vulnerability Local Buffer Overflow (SEH protected)-> Code Execution Time Line 01/24/2018 Vendor informed 01/30/2018 [...]

Weiterlesen

20. February 2018

CVE-2018-16231: Remote DoS in Personal FTP Server <= 8.4f

CVE CVE-2018-16231 Vulnerable software FTP server <= 8.4f Vulnerability Remote denial of service Timeline 30.01.2018 Seller informed(also local BO ) [...]

Read more

25. August 2018

HMV-01: Automatically generated screenshots

Description Screenshots of applications that are moved to the background are created for better user experience. Unfortunately, other apps can [...]

Weiterlesen

1. July 2019