CVE-2016-6500 in OpenIDMinfo

Zusammenfassung

von MITRE

Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allow remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

01.08.2016

Veröffentlichung

03.02.2017

Moderieren

akzeptiert

Eintrag

VDB-96546

CPE

bereit

CWE

CWE-20 (bestätigt)

CVSS

8.1 (NVD)

EPSS

0.01888

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6500
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6500
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6500/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!