VYPR
Medium severity6.5NVD Advisory· Published Feb 21, 2018· Updated Jun 17, 2026

CVE-2018-7272

CVE-2018-7272

Description

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.