exploitDog

GHSA-9xmg-qx66-c5gw

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.

Ссылки

EPSS

Процентиль: 52%

0.00294

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-7272

CVSS3: 6.5

nvd

почти 8 лет назад

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.

EPSS

Процентиль: 52%

0.00294

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-200