Forgerock - Openam CVE

Filtered by vendor Forgerock Subscribe

Filtered by product Openam

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-29156	1 Forgerock	1 Openam	2021-03-29	5.0 MEDIUM	7.5 HIGH
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
CVE-2016-10097	1 Forgerock	1 Openam	2017-01-11	5.0 MEDIUM	7.5 HIGH
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.

Vulnerabilities (CVE)