Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pre-authentication session hijacking
Vulnerability Description
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
ForgeRock Access Management授权问题漏洞
Vulnerability Description
Forgerock ForgeRock Access Management是美国ForgeRock(Forgerock)公司的一个全面、统一的解决方案,旨在快速实现根据用户和员工的独特需求量身定制的卓越体验。 ForgeRock Access Management 7.1.0存在安全漏洞,该漏洞源于缺少访问控制,该漏洞允许远程未经身份验证的攻击者劫持会话,包括潜在的管理员级会话。
CVSS Information
N/A
Vulnerability Type
N/A