2 matches found
CVE-2025-20628
CVE-2025-20628 affects PingIDM (formerly ForgeRock Identity Management). The issue is an insufficient granularity of access control for remote connector servers (RCS) running in client mode, allowing a spoofed client-mode RCS to intercept or modify an identity’s security-relevant properties (e.g....
CVE-2025-20628 Insufficient granularity of access control for Remote Connector Servers in client mode
An insufficient granularity of access control vulnerability exists in PingIDM formerly ForgeRock Identity Management where administrators cannot properly configure access rules for Remote Connector Servers RCS running in client mode. This means attackers can spoof a client-mode RCS if one exists ...