Lucene search
K
ForgerockAccess Management

12 matches found

CVE
CVE
added 2021/07/22 5:10 p.m.1228 views

CVE-2021-35464

CVE-2021-35464 affects ForgeRock OpenAM/Access Management: Java deserialization in the JATO framework allows pre-auth remote code execution on ForgeRock AM Core Server when running versions prior to 7.0. An attacker can trigger RCE by sending a crafted HTTP request to endpoints like /ccversion/Ve...

10CVSS9.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2019/06/19 9:22 p.m.138 views

CVE-2017-14394

The CVE-2017-14394 affects ForgeRock OpenAM (OAuth 2.0 Authorization Server) versions 13.5.0–13.5.1 and Access Management (AM) 5.0.0–5.1.1. The issue is improper validation of redirect_uri for certain invalid requests, enabling phishing via an unvalidated redirect. The provided documents do not s...

6.1CVSS6.3AI score0.00794EPSS
CVE
CVE
added 2019/06/19 9:22 p.m.136 views

CVE-2017-14395

ForgeRock Access Management (OpenAM) 13.5.0–13.5.1 and Access Management (AM) 5.0.0–5.1.1 expose a vulnerability where redirect_uri is not properly validated for some invalid requests, enabling a reflected XSS to execute in the user’s browser. This CVE (CVE-2017-14395) is described in multiple so...

6.1CVSS6.4AI score0.00793EPSS
CVE
CVE
added 2022/02/14 9:4 p.m.113 views

CVE-2021-4201

CVE-2021-4201 describes a missing access control in ForgeRock Access Management, affecting 7.1.x before 7.1.1 and 6.5.x before 6.5.4, plus all earlier versions. The issue allows remote unauthenticated attackers to hijack sessions, potentially including admin-level sessions. Connected sources corr...

9.8CVSS9.6AI score0.01978EPSS
CVE
CVE
added 2024/10/29 3:34 p.m.89 views

CVE-2024-25566

CVE-2024-25566 – Open Redirect in PingAM is corroborated by multiple connected records (NVD/Red Hat/CVE list entries) describing an open redirect caused by improper validation of redirect URLs in PingAM. Affected product: PingAM (Ping Identity PingAM); vulnerability type: open redirect; underlyin...

6.1CVSS6.2AI score0.00223EPSS
CVE
CVE
added 2024/03/27 5:9 p.m.88 views

CVE-2023-0582

The CVE-2023-0582 entry describes an improper limitation of a pathname to a restricted directory (path traversal) in ForgeRock Access Management that enables authorization bypass. The issue affects ForgeRock Access Management versions prior to 7.3.0, prior to 7.2.1, prior to 7.1.4, and up to 7.0....

9.8CVSS8.5AI score0.0078EPSS
CVE
CVE
added 2023/04/14 2:6 p.m.78 views

CVE-2022-3748

CVE-2022-3748 affects ForgeRock Access Management versions 6.5.0 through 7.2.0 and is described as an Improper Authorization vulnerability that can lead to authentication bypass. The connected documents corroborate the issue across multiple sources (e.g., Red Hat, CNVD, CNVD/CVELIST references) a...

9.8CVSS9.6AI score0.00909EPSS
CVE
CVE
added 2022/10/27 4:53 p.m.71 views

CVE-2022-24669

Technical details for CVE-2022-24669 are not publicly available in the provided documents. Monitor for updates.

6.5CVSS6.6AI score0.00361EPSS
CVE
CVE
added 2021/08/25 8:2 p.m.66 views

CVE-2021-37154

ForgeRock Access Management (AM) before 7.0.2 has a vulnerability in its SAML2 implementation that allows XML injection, potentially enabling fraudulent SAML 2.0 assertions. Affected component: AM SAML2 handling. Root cause: XML injection in SAML processing. Impact: high confidentiality, integrit...

10CVSS9.4AI score0.01359EPSS
CVE
CVE
added 2022/10/27 4:53 p.m.64 views

CVE-2022-24670

ForgeRock Access Management (multiple versions, including 6.0.0.x–7.1.1.x) is affected by CVE-2022-24670. The root cause is unrestricted LDAP queries that allow an attacker to determine configuration entries, leading to potential information disclosure about deployment configuration (C: HIGH). Th...

7.1CVSS6.5AI score0.00546EPSS
CVE
CVE
added 2021/08/25 8:5 p.m.46 views

CVE-2021-37153

ForgeRock Access Management (AM) prior to 7.0.2 is affected when configured with Active Directory as the Identity Store. The issue is an authentication bypass that can impact confidentiality, integrity, and availability (CVSS v3.1: 9.8; base score 7.5/2.0). Concrete root cause and exploit details...

9.8CVSS9.4AI score0.01194EPSS
CVE
CVE
added 2018/02/21 12:0 a.m.43 views

CVE-2018-7272

ForgeRock AM before 5.5.0 exposes SSOToken IDs in REST API URLs, allowing attackers with access to logs to extract sensitive information. The root cause is including SSOToken identifiers in URLs, which can be retrieved from log files and reveal token values. Impact is limited to information discl...

6.5CVSS6.1AI score0.00878EPSS