The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-02-21T00:00:00Z
Updated: 2024-09-17T03:03:02.319Z
Reserved: 2018-02-20T00:00:00Z
Link: CVE-2018-7272
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-02-21T00:29:00.270
Modified: 2018-03-18T14:08:38.513
Link: CVE-2018-7272
Redhat
No data.