Description
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 1.1.0.0
cpe:2.3:a:forgerock:racf_connector:*:*:*:*:*:*:*:*
EPSS
Percentile: 83%
Score: 0.01888
Low
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 8.1
github
more than 3 years ago