CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 6CVE-2021-35464 – ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35464
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier El servidor ForgeRock AM anterior a la versión 7.0 tiene una vulnerabilidad de deserialización de Java en el parámetro jato.pageSession en varias páginas. La explotación no requiere autenticación, y la ejecución remota de código se puede desencadenar mediante el envío de una única solicitud /ccversion/* manipulada al servidor. La vulnerabilidad existe debido al uso de Sun ONE Application Framework (JATO) que se encuentra en las versiones de Java 8 o anteriores ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend). • https://www.exploit-db.com/exploits/50131 https://github.com/Y4er/openam-CVE-2021-35464 https://github.com/rood8008/CVE-2021-35464 http://packetstormsecurity.com/files/163486/ForgeRock-OpenAM-Jato-Java-Deserialization.html http://packetstormsecurity.com/files/163525/ForgeRock-Access-Manager-OpenAM-14.6.3-Remote-Code-Execution.html https://backstage.forgerock.com/knowledge/kb/article/a47894244 https://bugster.forgerock.org https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 44%CPEs: 1EXPL: 5CVE-2021-29156 – OpenAM 13.0 - LDAP Injection
https://notcve.org/view.php?id=CVE-2021-29156
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key. ForgeRock OpenAM versiones anteriores a 13.5.1, permite la inyección LDAP por medio del protocolo Webfinger. Por ejemplo, un atacante no autenticado puede llevar a cabo la recuperación de caracteres del hash de contraseña, o recuperar un token de sesión o una clave privada • https://www.exploit-db.com/exploits/50480 https://github.com/guidepointsecurity/CVE-2021-29156 https://github.com/5amu/CVE-2021-29156 https://bugster.forgerock.org/jira/browse/OPENAM-10135 https://portswigger.net/research/hidden-oauth-attack-vectors • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14395
https://notcve.org/view.php?id=CVE-2017-14395
Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS. El servidor de autorización Auth versión 2.0 de ForgeRock Access Management (OpenAM) versión 13.5.0-13.5.1 y Access Management (AM) versión 5.0.0-5.1.1, no comprueba correctamente redirect_uri para algunas peticiones no válidas, lo que permite a los atacantes ejecutar un script en el navegador del usuario por medio de un XSS reflejado. • https://backstage.forgerock.com/knowledge/kb/article/a45958025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14394
https://notcve.org/view.php?id=CVE-2017-14394
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect. El servidor de autorización OAuth versión 2.0 de ForgeRock Access Management (OpenAM) versión 13.5.0-13.5.1 y Access Management (AM) versión 5.0.0-5.1.1, no comprueba correctamente redirect_uri para algunas peticiones no válidas, lo que permite a los atacantes realizar phishing por medio de un redireccionamiento no validado. • https://backstage.forgerock.com/knowledge/kb/article/a45958025 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10097
https://notcve.org/view.php?id=CVE-2016-10097
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. Vulnerabilidad de XSS en /SSOPOST/metaAlias/%realm%/idpv2 en OpenAM - Access Management 10.1.0 permite a atacantes remotos leer archivos arbitrarios a través del parámetro SAMLRequest. • http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html http://www.securityfocus.com/bid/95174 https://twitter.com/h02332/status/816252923688665088 • CWE-611: Improper Restriction of XML External Entity Reference •