PT-2018-17990 · Forgerock · Forgerock Am
Published
2018-02-21
·
Updated
2018-03-18
·
CVE-2018-7272
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ForgeRock AM versions prior to 5.5.0
Description
The issue concerns the REST APIs in ForgeRock AM, where SSOToken IDs are included as part of the URL. This allows attackers to potentially obtain sensitive information by finding an ID value in a log file.
Recommendations
For versions prior to 5.5.0, update to version 5.5.0 or later to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Forgerock Am