AM
by ForgeRock
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7272 | | Med | 0.42 | 6.5 | 0.01 | | Feb 21, 2018 | The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file. |
| CVE-2022-24670 | | | 0.00 | — | 0.01 | | Oct 27, 2022 | An attacker can use the unrestricted LDAP queries to determine configuration entries. |