cvedb.io
CVE-2018-7272
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2018-02-21T00:29:00.270 · Last modified 2026-06-17T02:02:54.293

Summary

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.

Affected products

forgerock — access_management

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.