CVE-2018-7272
Published: 2018-02-21
Priority: P429 · 6.5 medium (CVSS 3.0) · AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.88% (54.5th percentile)
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| forgerock | access_management | < 5.5.0 | 5.5.0 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| NVD | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
No detection rules found.
No public exploits indexed.
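Since the page indexes no detection rule for this CVE, here is an added example (written for this page, not ForgeRock's code and not from the advisory) of the check a practitioner would want: scan web-server access logs for session tokens that were passed in the request URL, which is the leak path the description names, and redact them before the logs are shipped or retained. The URL shapes, the query-parameter names (`tokenId`, `iPlanetDirectoryPro`, `sessionId`), the token format and the three log lines are all constructed assumptions for illustration; the real AM endpoints are not reproduced here.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query-parameter names assumed to carry a session token in AM-style REST
# calls. This list is an assumption for the example, not from the advisory.
TOKEN_PARAM_NAMES = {"tokenid", "iplanetdirectorypro", "sessionid"}

# Heuristic shape of an opaque session token: 32+ URL-safe/base64 characters,
# optionally with '*' separators; looks_like_token also requires letters+digits.
TOKEN_SHAPE = re.compile(r"^[A-Za-z0-9_\-.*=]{32,}$")

# Request field of a common-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|PATCH) (\S+) HTTP/[0-9.]+"')

# Constructed tokens and access-log lines (not real data). The URL shapes are
# assumed for illustration: one token in a path segment, one in a query
# parameter, and one benign request that must not be flagged.
TOKEN_A = "AQIC5wM2LY4SfczAAAAAAAA*AAJTSQACMDEAAlNLABM0ODUxMjM0NTY3ODkwMTIzNDU2*"
TOKEN_B = "AQIC5wM2LY4Sfcz0000000000*AAJTSQACMDEAAlNLABM1NTU1NTU1NTU1NTU1NTU1NTU1*"
SAMPLE_LOG = "\n".join([
    f'10.0.0.5 - - [21/Feb/2018:10:15:01 +0000] "POST /openam/json/sessions/{TOKEN_A}?_action=validate HTTP/1.1" 200 57',
    f'10.0.0.7 - - [21/Feb/2018:10:15:03 +0000] "GET /openam/json/users?_action=idFromSession&tokenId={TOKEN_B} HTTP/1.1" 200 88',
    '10.0.0.9 - - [21/Feb/2018:10:15:05 +0000] "GET /openam/json/serverinfo/* HTTP/1.1" 200 412',
])


def looks_like_token(value: str) -> bool:
    """True for a value shaped like an opaque session token."""
    return (TOKEN_SHAPE.match(value) is not None
            and any(c.isalpha() for c in value)
            and any(c.isdigit() for c in value))


def extract_target(line: str) -> Optional[str]:
    """Pull the request target out of a common-log-format line."""
    m = REQUEST_RE.search(line)
    return m.group(1) if m else None


def find_token_leaks(log_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, location, token) for every token found in a logged URL."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        target = extract_target(line)
        if target is None:
            continue
        parts = urlsplit(target)
        # Token embedded as a path segment (e.g. /sessions/<token>).
        for seg in parts.path.split("/"):
            if looks_like_token(seg):
                findings.append((line_no, "path", seg))
        # Token passed as a query parameter, by known name or by shape.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name.lower() in TOKEN_PARAM_NAMES or looks_like_token(value):
                findings.append((line_no, f"query:{name}", value))
    return findings


def redact_url(target: str) -> str:
    """Replace token-like path segments and token query values with a marker."""
    parts = urlsplit(target)
    path = "/".join("[REDACTED]" if looks_like_token(seg) else seg
                    for seg in parts.path.split("/"))
    query = [(name, "[REDACTED]"
              if name.lower() in TOKEN_PARAM_NAMES or looks_like_token(value)
              else value)
             for name, value in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc, path,
                       urlencode(query, safe="[]"), parts.fragment))


def redact_log(log_text: str) -> str:
    """Apply redact_url to the request field of every line, keeping the rest."""
    def _sub(m):
        return m.group(0).replace(m.group(1), redact_url(m.group(1)), 1)
    return "\n".join(REQUEST_RE.sub(_sub, line) for line in log_text.splitlines())


if __name__ == "__main__":
    for line_no, where, token in find_token_leaks(SAMPLE_LOG):
        print(f"line {line_no}: session token in {where}: {token[:12]}...")
    print(redact_log(SAMPLE_LOG))
```

Redaction only limits what the retained logs expose; a token in the URL still reaches reverse proxies, load balancers, browser history and any Referer header, so the actual fix remains the upgrade to 5.5.0 listed above, where the token no longer travels in the URL. Tune `TOKEN_SHAPE` and `TOKEN_PARAM_NAMES` to the token format and parameter names of the deployment being checked.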
Sentinelone
Vulnerability Assessment, Penetration Testing, and Redteaming
blogs_sentinelone · 2019-07-22 · CVSS 8.8 · [HIGH]
A guest post by Florian Hansemann – @HanseSecure
More and more frequently the terms ‘Vulnerability Assessment’, ‘Penetration Testing’ and ‘Redteaming’ are misused or misinterpreted. Whether the reason for this wording lies with the sales teams of the corresponding service providers (Pentesting sounds more like CyberCyber than Vulnerability Assessment 😉) or elsewhere is irrelevant.
The important thing is that the company knows what is hidden behind the term and when it should be used. Therefore, this article describes the various technical security audit options and explains when each method should be used.
## Vulnerability Assessment
Description
A vulnerability assessment uses mostly automated procedures and generic scanners to detect security vulnerabilities in systems. Th
Possible Findings
1. Default Credentials [cisco:cisco]
2. Missing Patches [CVE-2017-0144]
3. Open Ports [databases]
4. Missing Sec