Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ForgeRock OpenAM - Access Management 安全漏洞
Vulnerability Description
ForgeRock OpenAM - Access Management是美国ForgeRock公司的一套开源的单点登录框架(SSO),它通过提供核心的标识服务(Core Server)以实现在一个网络架构中的透明单点登录(如集中式、分布式的单点登录)。 ForgeRock OpenAM - Access Management 10.1.0版本中的/SSOPOST/metaAlias/%realm%/idpv2存在XML外部实体注入漏洞。远程攻击者可借助‘SAMLRequest’参数利用该漏洞读取任意文件
CVSS Information
N/A
Vulnerability Type
N/A