CVE-2016-10097 - XXE vulnerability in Forgerock Openam 10.1.0

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, forgerock, CWE-611

Summary

XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.

Vulnerable Configurations

Part | Description | Count
Application | Forgerock | 1