Vulnerabilities (CVE)

Filtered by vendor Forgerock Subscribe
Total 21 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3800 27 Anynines, Apigee, Appdynamics and 24 more 55 Elasticsearch, Logme, Mongodb and 52 more 2024-02-28 2.1 LOW 7.8 HIGH
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.