Lucene search
K

163 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:22 a.m.12 views

CVE-2018-7272

The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...

6.5CVSS6.3AI score0.00878EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/14 5:58 p.m.19 views

CVE-2023-1656

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server RCS LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server RCS: from 1.5.20.9 throug...

7.5CVSS7AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/14 5:58 p.m.14 views

CVE-2023-0511

Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1...

9.8CVSS6.9AI score0.00973EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/14 5:58 p.m.24 views

CVE-2023-0339

Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1...

9.8CVSS6.9AI score0.00973EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/14 5:58 p.m.20 views

CVE-2023-0582

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2...

9.8CVSS6.8AI score0.0078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 12:43 a.m.12 views

CVE-2022-3748

Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0...

9.8CVSS6.8AI score0.00909EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/01 12:0 a.m.4 views

ForgeRock OpenIDM 安全漏洞

ForgeRock OpenIDM is an identity management system from ForgeRock USA. A security vulnerability exists in ForgeRock OpenIDM that stems from improper input validation of query search results for private field data, allowing an attacker to cause an information disclosure through the use of...

2.7CVSS6.2AI score0.00671EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/03/29 12:0 a.m.21 views

ForgeRock Access Management 7.2.0 / 7.1.x < 7.1.4 / 7.0.x <= 7.0.2 Path Traversal

The version of ForgeRock Access Management detected on the remote host is affected by a path traversal vulnerabilty which can lead to unauthorized access. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

9.8CVSS5.6AI score0.0078EPSS
Exploits0References2
OSV
OSV
added 2024/03/27 6:15 p.m.4 views

CVE-2023-0582

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2...

9.8CVSS5.8AI score0.0078EPSS
Exploits0References2
NVD
NVD
added 2024/03/27 6:15 p.m.21 views

CVE-2023-0582

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2...

9.8CVSS8.1AI score0.0078EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/27 5:9 p.m.12 views

CVE-2023-0582 Path Traversal in ForgeRock Access Managment

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2...

8.1CVSS8.9AI score0.0078EPSS
Exploits0References2
CVE
CVE
added 2024/03/27 5:9 p.m.93 views

CVE-2023-0582

The CVE-2023-0582 entry describes an improper limitation of a pathname to a restricted directory (path traversal) in ForgeRock Access Management that enables authorization bypass. The issue affects ForgeRock Access Management versions prior to 7.3.0, prior to 7.2.1, prior to 7.1.4, and up to 7.0....

9.8CVSS8.5AI score0.0078EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/03/27 5:9 p.m.26 views

CVE-2023-0582 Path Traversal in ForgeRock Access Managment

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2...

8.1CVSS8.2AI score0.0078EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.6 views

ForgeRock Access Management 路径遍历漏洞

ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable superior experiences tailored to the unique needs of users and employees. A security vulnerability exists in ForgeRock Access Management that stems from an incorrect restriction on...

9.8CVSS5.6AI score0.0078EPSS
Exploits0References4
CNVD
CNVD
added 2023/04/24 12:0 a.m.11 views

ForgeRock Access Management Access Control Error Vulnerability

ForgeRock Access Management is a comprehensive, unified solution from ForgeRock USA designed to quickly enable superior experiences tailored to the unique needs of users and employees. An access control error vulnerability exists in ForgeRock Access Management versions 6.5.0 through 7.2.0, which...

9.8CVSS6.8AI score0.00909EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.33 views

ForgeRock Access Management 7.x Improper Authorization

The version of ForgeRock Access Management detected on the remote host is affected by an improper authorization vulnerabilty which can lead to authentication bypass, user account impersonation and account takeover. CVE-2022-3748 Note that Nessus has not tested for this issue but has instead relie...

9.8CVSS8.3AI score0.00909EPSS
Exploits0References2
OSV
OSV
added 2023/04/14 3:15 p.m.6 views

CVE-2022-3748

Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0...

9.8CVSS5.8AI score0.00909EPSS
Exploits0References3
NVD
NVD
added 2023/04/14 3:15 p.m.22 views

CVE-2022-3748

Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0...

9.8CVSS9.6AI score0.00909EPSS
Exploits0References3
Prion
Prion
added 2023/04/14 3:15 p.m.20 views

Authorization

Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0...

7.5CVSS9.4AI score0.00909EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/14 2:6 p.m.10 views

CVE-2022-3748 Improper authorization that can lead to account impersonation

Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0...

9.8CVSS9.6AI score0.00909EPSS
Exploits0References3
Rows per page
Query Builder