Vulnerabilities (CVE)

Filtered by vendor Forgerock
Filtered by product Access Management
CVE | Vendors (count) | Products (count) | Updated | CVSS v2 | CVSS v3

CVE-2017-14395 | 1 (Forgerock) | 2 (Access Management, Openam) | 2019-06-21 | 4.3 MEDIUM | 6.1 MEDIUM
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.

CVE-2017-14394 | 1 (Forgerock) | 2 (Access Management, Openam) | 2019-06-21 | 5.8 MEDIUM | 6.1 MEDIUM
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.

CVE-2018-7272 | 1 (Forgerock) | 1 (Access Management) | 2018-03-18 | 4.0 MEDIUM | 6.5 MEDIUM
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.