CVE-2018-7272: AM 5.0.0, 5.1.0


CVE

CVE-2018-7272

Vulnerable Software

AM 5.0.0, 5.1.0

Vulnerability

Unauthorized Access

Time Line

  • 15.12.2017 Vendor informed
  • X.01.2018  Vendor patched flaw
  • 24.01.2018 Vendor released Security Advisory

Description

ForgeRock AM is vulnerable to unauthorized access. The TokenIDs are sent via HTTP GET requests, so they are stored in several places, such as proxy logs, the local browser history and the like. This could be abused by malicious administrators.

Acknowledgement

