Vulnerabilities related to forgerock - openam
Vulnerability from fkie_nvd
Published
2021-03-25 09:15
Modified
2024-11-21 06:00
Summary
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
Impacted products
Vendor Product Version
forgerock openam *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ECF6BEF8-D280-4530-8B69-BF7273D2F35C",
                     versionEndExcluding: "13.5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.",
      },
      {
         lang: "es",
         value: "ForgeRock OpenAM versiones anteriores a 13.5.1, permite la inyección LDAP por medio del protocolo Webfinger. Por ejemplo, un atacante no autenticado puede llevar a cabo la recuperación carácter por carácter de los hashes de contraseña, o recuperar un token de sesión o una clave privada.",
      },
   ],
   id: "CVE-2021-29156",
   lastModified: "2024-11-21T06:00:48.017",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-25T09:15:13.120",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugster.forgerock.org/jira/browse/OPENAM-10135",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://portswigger.net/research/hidden-oauth-attack-vectors",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://bugster.forgerock.org/jira/browse/OPENAM-10135",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://portswigger.net/research/hidden-oauth-attack-vectors",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-74",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-11-14 00:59
Modified
2024-11-21 02:16
Summary
The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request.
Impacted products
Vendor Product Version
forgerock openam 9.5.3
forgerock openam 9.5.4
forgerock openam 9.5.5
forgerock openam 10.0.0
forgerock openam 10.0.1
forgerock openam 10.0.2
forgerock openam 10.1.0
forgerock openam 11.0.0
forgerock openam 11.0.1
forgerock openam 11.0.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:9.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "26AF6EC8-2956-4501-8E7F-CF4204816C4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:9.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "17E53F0B-6B53-411D-A494-03C7650FC6E7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:9.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EE51772-F55E-4914-8FDB-D7CC2B2C55AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:10.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F9E6F352-387A-40E4-9FB2-4F54C936E0CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:10.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A6C20AA-A592-4D45-8A3D-CAF4E1044E86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:10.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "BA03FC65-D439-4B5A-92A7-70F3E809E0AE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:10.1.0:*:*:*:xpress:*:*:*",
                     matchCriteriaId: "2D9D9864-1634-4D81-93AC-54813DDD9F64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:11.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B106534-B696-4CEE-BA72-6AD5E51CC21F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:11.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A8FC7A9-B3A0-47BF-9C09-EF0D45CB9917",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:11.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0B6069F-9166-4072-8E05-A8688561DD20",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request.",
      },
      {
         lang: "es",
         value: "El Core Server en OpenAM 9.5.3 hasta 9.5.5, 10.0.0 hasta 10.0.2, 10.1.0-Xpress, y 11.0.0 hasta 11.0.2, cuando se implementa en una red multi-servidor, permite a los usuarios remotos autenticados causar una denegación de servicio (bucle infinito) a través de una petición con una cookie manipulada.",
      },
   ],
   id: "CVE-2014-7246",
   lastModified: "2024-11-21T02:16:36.197",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-11-14T00:59:01.383",
   references: [
      {
         source: "vultures@jpcert.or.jp",
         url: "http://jvn.jp/en/jp/JVN65559247/index.html",
      },
      {
         source: "vultures@jpcert.or.jp",
         url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000129",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://sources.forgerock.org/changelog/openam/?cs=11248",
      },
      {
         source: "vultures@jpcert.or.jp",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://forgerock.org/2014/11/openam-security-advisory-201404/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://jvn.jp/en/jp/JVN65559247/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000129",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://sources.forgerock.org/changelog/openam/?cs=11248",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://forgerock.org/2014/11/openam-security-advisory-201404/",
      },
   ],
   sourceIdentifier: "vultures@jpcert.or.jp",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-01-02 09:59
Modified
2024-11-21 02:43
Summary
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
Impacted products
Vendor Product Version
forgerock openam 10.1.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:10.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C9A01F0-3191-4958-B646-251B60EA1527",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de entidad externa XML (XXE) en /SSOPOST/metaAlias/%realm%/idpv2 en OpenAM - Access Management 10.1.0 permite a atacantes remotos leer archivos arbitrarios a través del parámetro SAMLRequest.",
      },
   ],
   id: "CVE-2016-10097",
   lastModified: "2024-11-21T02:43:17.813",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-01-02T09:59:00.130",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/95174",
      },
      {
         source: "cve@mitre.org",
         url: "https://twitter.com/h02332/status/816252923688665088",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/95174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://twitter.com/h02332/status/816252923688665088",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-611",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-19 22:15
Modified
2024-11-21 03:12
Summary
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.
Impacted products
Vendor Product Version
forgerock access_management *
forgerock openam *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "31F2A6D9-D3BB-4D1D-BA49-D120B32EF6D7",
                     versionEndIncluding: "5.1.1",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C991BD33-4EE1-4CD4-80EF-4F539F27E159",
                     versionEndIncluding: "13.5.1",
                     versionStartIncluding: "13.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.",
      },
      {
         lang: "es",
         value: "El servidor de autorización OAuth 2.0 de ForgeRock Access Management (OpenAM) versión 13.5.0-13.5.1 y Access Management (AM) versión 5.0.0-5.1.1, no comprueba correctamente redirect_uri para algunas peticiones no válidas, lo que permite a los atacantes ejecutar un script en el navegador del usuario por medio de un XSS reflejado.",
      },
   ],
   id: "CVE-2017-14395",
   lastModified: "2024-11-21T03:12:41.650",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-19T22:15:13.673",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-06-19 22:15
Modified
2024-11-21 03:12
Summary
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.
Impacted products
Vendor Product Version
forgerock access_management *
forgerock openam *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "31F2A6D9-D3BB-4D1D-BA49-D120B32EF6D7",
                     versionEndIncluding: "5.1.1",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C991BD33-4EE1-4CD4-80EF-4F539F27E159",
                     versionEndIncluding: "13.5.1",
                     versionStartIncluding: "13.5.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.",
      },
      {
         lang: "es",
         value: "El servidor de autorización OAuth versión 2.0 de ForgeRock Access Management (OpenAM) versión 13.5.0-13.5.1 y Access Management (AM) versión 5.0.0-5.1.1, no comprueba correctamente redirect_uri para algunas peticiones no válidas, lo que permite a los atacantes realizar phishing por medio de un redireccionamiento no validado.",
      },
   ],
   id: "CVE-2017-14394",
   lastModified: "2024-11-21T03:12:41.500",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-06-19T22:15:13.593",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-07-22 18:15
Modified
2025-03-14 16:45
Summary
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of the Sun ONE Application Framework (JATO), found in versions of Java 8 or earlier.
Impacted products
Vendor Product Version
forgerock access_management *
forgerock openam *



{
   cisaActionDue: "2021-11-17",
   cisaExploitAdd: "2021-11-03",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "93CE7640-AC5C-40EB-A613-D68B2B21230B",
                     versionEndExcluding: "6.5.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:forgerock:openam:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6A8D81B-9638-46CA-8F51-6E3BA7CBC74B",
                     versionEndExcluding: "14.6.3",
                     versionStartIncluding: "9.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of the Sun ONE Application Framework (JATO), found in versions of Java 8 or earlier.",
      },
      {
         lang: "es",
         value: "El servidor ForgeRock AM anterior a la versión 7.0 tiene una vulnerabilidad de deserialización de Java en el parámetro jato.pageSession en varias páginas. La explotación no requiere autenticación, y la ejecución remota de código se puede desencadenar mediante el envío de una única solicitud /ccversion/* manipulada al servidor. La vulnerabilidad existe debido al uso de Sun ONE Application Framework (JATO), que se encuentra en las versiones de Java 8 o anteriores.",
      },
   ],
   id: "CVE-2021-35464",
   lastModified: "2025-03-14T16:45:41.233",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2021-07-22T18:15:23.247",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163486/ForgeRock-OpenAM-Jato-Java-Deserialization.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163525/ForgeRock-Access-Manager-OpenAM-14.6.3-Remote-Code-Execution.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://backstage.forgerock.com/knowledge/kb/article/a47894244",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "https://bugster.forgerock.org",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163486/ForgeRock-OpenAM-Jato-Java-Deserialization.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163525/ForgeRock-Access-Manager-OpenAM-14.6.3-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://backstage.forgerock.com/knowledge/kb/article/a47894244",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://bugster.forgerock.org",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

jvndb-2014-000129
Vulnerability from jvndb
Published
2014-11-10 14:23
Modified
2014-11-20 10:09
Severity ?
Summary
OpenAM vulnerable to denial-of-service (DoS)
Details
OpenAM provided by ForgeRock is open source access management software. OpenAM contains a denial-of-service (DoS) vulnerability due to a flaw in processing Cookies (CWE-400). Yasushi IWAKATA of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
Impacted products
ForgeRockOpenAM


{
   "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000129.html",
   "dc:date": "2014-11-20T10:09+09:00",
   "dcterms:issued": "2014-11-10T14:23+09:00",
   "dcterms:modified": "2014-11-20T10:09+09:00",
   description: "OpenAM provided by ForgeRock is an open source access management software. OpenAM contains a denial-of-service (DoS) vulnerability due to a flaw in processing Cookies (CWE-400).\r\n\r\nYasushi IWAKATA of Open Source Solution Technology Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
   link: "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000129.html",
   "sec:cpe": {
      "#text": "cpe:/a:forgerock:openam",
      "@product": "OpenAM",
      "@vendor": "ForgeRock",
      "@version": "2.2",
   },
   "sec:cvss": {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
      "@version": "2.0",
   },
   "sec:identifier": "JVNDB-2014-000129",
   "sec:references": [
      {
         "#text": "http://jvn.jp/en/jp/JVN65559247/index.html",
         "@id": "JVN#65559247",
         "@source": "JVN",
      },
      {
         "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7246",
         "@id": "CVE-2014-7246",
         "@source": "CVE",
      },
      {
         "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7246",
         "@id": "CVE-2014-7246",
         "@source": "NVD",
      },
      {
         "#text": "http://www.ipa.go.jp/security/ciadr/vul/20141110-jvn.html",
         "@id": "Security Alert for OpenAM vulnerable to denial-of-service (DoS) (JVN#65559247)",
         "@source": "IPA SECURITY ALERTS",
      },
      {
         "#text": "https://www.osstech.co.jp/support/am20141106-1-en",
         "@id": "Notice of OpenAM security vulnerability and product updates [AM20141106-1]",
         "@source": "Related document",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-Other",
         "@title": "No Mapping(CWE-Other)",
      },
   ],
   title: "OpenAM vulnerable to denial-of-service (DoS)",
}

cve-2021-35464
Vulnerability from cvelistv5
Published
2021-07-22 17:10
Modified
2025-02-04 19:41
Severity ?
Summary
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. Exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of the Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T00:40:45.949Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugster.forgerock.org",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/163486/ForgeRock-OpenAM-Jato-Java-Deserialization.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/163525/ForgeRock-Access-Manager-OpenAM-14.6.3-Remote-Code-Execution.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://backstage.forgerock.com/knowledge/kb/article/a47894244",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2021-35464",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T19:41:03.395101Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2021-11-03",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35464",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T19:41:10.440Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-08-02T17:00:26.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugster.forgerock.org",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/163486/ForgeRock-OpenAM-Jato-Java-Deserialization.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/163525/ForgeRock-Access-Manager-OpenAM-14.6.3-Remote-Code-Execution.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://backstage.forgerock.com/knowledge/kb/article/a47894244",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-35464",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugster.forgerock.org",
                     refsource: "MISC",
                     url: "https://bugster.forgerock.org",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/163486/ForgeRock-OpenAM-Jato-Java-Deserialization.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/163486/ForgeRock-OpenAM-Jato-Java-Deserialization.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/163525/ForgeRock-Access-Manager-OpenAM-14.6.3-Remote-Code-Execution.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/163525/ForgeRock-Access-Manager-OpenAM-14.6.3-Remote-Code-Execution.html",
                  },
                  {
                     name: "https://backstage.forgerock.com/knowledge/kb/article/a47894244",
                     refsource: "CONFIRM",
                     url: "https://backstage.forgerock.com/knowledge/kb/article/a47894244",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-35464",
      datePublished: "2021-07-22T17:10:18.000Z",
      dateReserved: "2021-06-23T00:00:00.000Z",
      dateUpdated: "2025-02-04T19:41:10.440Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-14395
Vulnerability from cvelistv5
Published
2019-06-19 21:22
Modified
2024-08-05 19:27
Severity ?
Summary
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T19:27:40.077Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-06-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-19T21:22:29",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-14395",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
                     refsource: "MISC",
                     url: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-14395",
      datePublished: "2019-06-19T21:22:29",
      dateReserved: "2017-09-12T00:00:00",
      dateUpdated: "2024-08-05T19:27:40.077Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-10097
Vulnerability from cvelistv5
Published
2017-01-02 09:46
Modified
2024-08-06 03:07
Severity ?
Summary
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T03:07:32.044Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "95174",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95174",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://twitter.com/h02332/status/816252923688665088",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-03-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-01-07T06:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "95174",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95174",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://twitter.com/h02332/status/816252923688665088",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-10097",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "95174",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95174",
                  },
                  {
                     name: "http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html",
                     refsource: "MISC",
                     url: "http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html",
                  },
                  {
                     name: "https://twitter.com/h02332/status/816252923688665088",
                     refsource: "MISC",
                     url: "https://twitter.com/h02332/status/816252923688665088",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-10097",
      datePublished: "2017-01-02T09:46:00",
      dateReserved: "2017-01-02T00:00:00",
      dateUpdated: "2024-08-06T03:07:32.044Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-7246
Vulnerability from cvelistv5
Published
2014-11-14 00:00
Modified
2024-08-06 12:40
Severity ?
Summary
The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T12:40:19.255Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://forgerock.org/2014/11/openam-security-advisory-201404/",
               },
               {
                  name: "JVNDB-2014-000129",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVNDB",
                     "x_transferred",
                  ],
                  url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000129",
               },
               {
                  name: "JVN#65559247",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVN",
                     "x_transferred",
                  ],
                  url: "http://jvn.jp/en/jp/JVN65559247/index.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sources.forgerock.org/changelog/openam/?cs=11248",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-11-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-11-14T00:57:01",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://forgerock.org/2014/11/openam-security-advisory-201404/",
            },
            {
               name: "JVNDB-2014-000129",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
               ],
               url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000129",
            },
            {
               name: "JVN#65559247",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVN",
               ],
               url: "http://jvn.jp/en/jp/JVN65559247/index.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sources.forgerock.org/changelog/openam/?cs=11248",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2014-7246",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://forgerock.org/2014/11/openam-security-advisory-201404/",
                     refsource: "CONFIRM",
                     url: "https://forgerock.org/2014/11/openam-security-advisory-201404/",
                  },
                  {
                     name: "JVNDB-2014-000129",
                     refsource: "JVNDB",
                     url: "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000129",
                  },
                  {
                     name: "JVN#65559247",
                     refsource: "JVN",
                     url: "http://jvn.jp/en/jp/JVN65559247/index.html",
                  },
                  {
                     name: "http://sources.forgerock.org/changelog/openam/?cs=11248",
                     refsource: "CONFIRM",
                     url: "http://sources.forgerock.org/changelog/openam/?cs=11248",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2014-7246",
      datePublished: "2014-11-14T00:00:00",
      dateReserved: "2014-09-30T00:00:00",
      dateUpdated: "2024-08-06T12:40:19.255Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-14394
Vulnerability from cvelistv5
Published
2019-06-19 21:22
Modified
2024-08-05 19:27
Severity ?
Summary
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T19:27:40.465Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-06-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-19T21:22:20",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-14394",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
                     refsource: "MISC",
                     url: "https://backstage.forgerock.com/knowledge/kb/article/a45958025",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-14394",
      datePublished: "2019-06-19T21:22:20",
      dateReserved: "2017-09-12T00:00:00",
      dateUpdated: "2024-08-05T19:27:40.465Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-29156
Vulnerability from cvelistv5
Published
2021-03-25 08:20
Modified
2024-08-03 22:02
Severity ?
Summary
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:02:51.399Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://portswigger.net/research/hidden-oauth-attack-vectors",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugster.forgerock.org/jira/browse/OPENAM-10135",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-03-25T08:20:13",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://portswigger.net/research/hidden-oauth-attack-vectors",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugster.forgerock.org/jira/browse/OPENAM-10135",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-29156",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://portswigger.net/research/hidden-oauth-attack-vectors",
                     refsource: "MISC",
                     url: "https://portswigger.net/research/hidden-oauth-attack-vectors",
                  },
                  {
                     name: "https://bugster.forgerock.org/jira/browse/OPENAM-10135",
                     refsource: "MISC",
                     url: "https://bugster.forgerock.org/jira/browse/OPENAM-10135",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-29156",
      datePublished: "2021-03-25T08:20:13",
      dateReserved: "2021-03-25T00:00:00",
      dateUpdated: "2024-08-03T22:02:51.399Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}