CVE-2016-6500 in OpenIDMИнформация

Сводка

по MITRE

Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allow remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Резервировать

01.08.2016

Раскрытие

03.02.2017

Модерация

принято

Вход

VDB-96546

CPE

готов

CWE

CWE-20 (Подтверждённый)

CVSS

8.1 (NVD)

EPSS

0.01888

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6500
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6500
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6500/

◂ Предыдущий Обзор Далее ▸

Do you know our Splunk app?

Download it now for free!