OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.
View Full Alert
Related Posts
CVE-2017-1107IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force…
CVE-2017-13717Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to "*". This allows any hosted file on any domain to make calls to the device's webserver and brute force the…
CVE-2017-8328An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the…
