CVE-2018-7272

medium

ForgeRock

CVSS v3 Base Score

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

None

Availability

None

Published: February 21, 2018 (3005 days ago)

Last Modified: November 21, 2024

Vendor: ForgeRock

Source: NVD

Description

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.

References

🔗 backstage.forgerock.com 🔗 hansesecure.de 🔗 backstage.forgerock.com 🔗 hansesecure.de

CVE-2018-7272

Vulnerability Report

Description

References