3.5

CVE-2014-7246

The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request.

Data is provided by the National Vulnerability Database (NVD)
ForgerockOpenam Version9.5.3
ForgerockOpenam Version9.5.4
ForgerockOpenam Version9.5.5
ForgerockOpenam Version10.0.0
ForgerockOpenam Version10.0.1
ForgerockOpenam Version10.0.2
ForgerockOpenam Version10.1.0 SwEditionxpress
ForgerockOpenam Version11.0.0
ForgerockOpenam Version11.0.1
ForgerockOpenam Version11.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.48% 0.623
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.