CVE-2018-7272

MEDIUM

ForgeRock Access Management < 5.5.0 - Exposure of Sensitive Information via SSOToken ID in REST API URLs

Title source: llm

Description

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.

References (2)

Third Party Advisory (x_refsource_misc): https://hansesecure.de/vulnerability-in-am/

Scores

CVSS v3 6.5
EPSS 0.0088
EPSS Percentile 54.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
forgerock/access_management < 5.5.0
Published Feb 21, 2018
Tracked Since Feb 18, 2026