Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HForgerock Access Management
APPForgerock5.5.26.0.06.0.0.16.0.0.26.0.0.36.0.0.46.0.0.66.0.0.76.5.06.5.0.16.5.0.26.5.16.5.2.16.5.2.26.5.2.3+ 5 więcej
Related vulnerabilities
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on m...
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This is...
In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially e...
ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, ha...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Acce...