CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-7272

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.6%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://backstage.forgerock.com/knowledge/kb/book/b21824339
https://hansesecure.de/vulnerability-in-am/
https://backstage.forgerock.com/knowledge/kb/book/b21824339
https://hansesecure.de/vulnerability-in-am/

Products affected by CVE-2018-7272

Forgerock » Access Management » Version: 5.0.0

cpe:2.3:a:forgerock:access_management:5.0.0
Forgerock » Access Management » Version: 5.1.0

cpe:2.3:a:forgerock:access_management:5.1.0
Forgerock » Access Management » Version: 5.1.1

cpe:2.3:a:forgerock:access_management:5.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7272

Products

Pricing

Contact Us