Medium severity6.5NVD Advisory· Published Feb 21, 2018· Updated Jun 17, 2026
CVE-2018-7272
CVE-2018-7272
Description
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.
Affected products
1Patches
Vulnerability mechanics
References
2- backstage.forgerock.com/knowledge/kb/book/b21824339nvdVendor Advisory
- hansesecure.de/vulnerability-in-am/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.