← Back

CVE-2014-7246

nvd nist
Published: Nov 14, 2014Modified: May 6, 2026

JSON object

Loading...
3.5
Vector
AV:N/AC:M/Au:S/C:N/I:N/A:P
Exploitability: 6.8 / Impact: 2.9
Source: NVD

Description

The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in a request.

Affected (10)

Products: Forgerock: Openam
Forgerock
1 product
Openam
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Forgerock
Openam
Version 10.0.0
Openam
Version 10.0.1
Openam
Version 10.0.2
Openam
Version 10.1.0
Openam
Version 11.0.0
Openam
Version 11.0.1
Openam
Version 11.0.2
Openam
Version 9.5.3
Openam
Version 9.5.4
Openam
Version 9.5.5

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: vultures@jpcert.or.jp
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.