CVE-2017-14395

Name of the Vulnerable Software and Affected Versions ForgeRock Access Management (OpenAM) versions 13.5.0 through 13.5.1 Access Management (AM) versions 5.0.0 through 5.1.1

Description The issue arises from incorrect validation of the redirect uri for some invalid requests, allowing attackers to execute a script in the user's browser via reflected XSS.

Recommendations For ForgeRock Access Management (OpenAM) versions 13.5.0 through 13.5.1, update to a version that correctly validates redirect uri to prevent reflected XSS attacks. For Access Management (AM) versions 5.0.0 through 5.1.1, update to a version that correctly validates redirect uri to prevent reflected XSS attacks. As a temporary workaround, consider restricting access to the Auth 2.0 Authorization Server to minimize the risk of exploitation.