CVE-2021-37154

Critical

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0…

mitre·CWE-91·Published 2021-08-25

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

150 chars

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.

NVDen

150 chars

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.

En ForgeRock Access Management (AM) versiones anteriores a 7.0.2, la implementación de SAML2 permite una inyección de XML, permitiendo potencialmente una aserción fraudulenta de SAML versión 2.0.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H