12 matches found
CVE-2021-35464
CVE-2021-35464 affects ForgeRock OpenAM/Access Management: Java deserialization in the JATO framework allows pre-auth remote code execution on ForgeRock AM Core Server when running versions prior to 7.0. An attacker can trigger RCE by sending a crafted HTTP request to endpoints like /ccversion/Ve...
CVE-2017-14394
The CVE-2017-14394 affects ForgeRock OpenAM (OAuth 2.0 Authorization Server) versions 13.5.0–13.5.1 and Access Management (AM) 5.0.0–5.1.1. The issue is improper validation of redirect_uri for certain invalid requests, enabling phishing via an unvalidated redirect. The provided documents do not s...
CVE-2017-14395
ForgeRock Access Management (OpenAM) 13.5.0–13.5.1 and Access Management (AM) 5.0.0–5.1.1 expose a vulnerability where redirect_uri is not properly validated for some invalid requests, enabling a reflected XSS to execute in the user’s browser. This CVE (CVE-2017-14395) is described in multiple so...
CVE-2021-4201
CVE-2021-4201 describes a missing access control in ForgeRock Access Management, affecting 7.1.x before 7.1.1 and 6.5.x before 6.5.4, plus all earlier versions. The issue allows remote unauthenticated attackers to hijack sessions, potentially including admin-level sessions. Connected sources corr...
CVE-2024-25566
CVE-2024-25566 – Open Redirect in PingAM is corroborated by multiple connected records (NVD/Red Hat/CVE list entries) describing an open redirect caused by improper validation of redirect URLs in PingAM. Affected product: PingAM (Ping Identity PingAM); vulnerability type: open redirect; underlyin...
CVE-2023-0582
The CVE-2023-0582 entry describes an improper limitation of a pathname to a restricted directory (path traversal) in ForgeRock Access Management that enables authorization bypass. The issue affects ForgeRock Access Management versions prior to 7.3.0, prior to 7.2.1, prior to 7.1.4, and up to 7.0....
CVE-2022-3748
CVE-2022-3748 affects ForgeRock Access Management versions 6.5.0 through 7.2.0 and is described as an Improper Authorization vulnerability that can lead to authentication bypass. The connected documents corroborate the issue across multiple sources (e.g., Red Hat, CNVD, CNVD/CVELIST references) a...
CVE-2022-24669
Technical details for CVE-2022-24669 are not publicly available in the provided documents. Monitor for updates.
CVE-2021-37154
ForgeRock Access Management (AM) before 7.0.2 has a vulnerability in its SAML2 implementation that allows XML injection, potentially enabling fraudulent SAML 2.0 assertions. Affected component: AM SAML2 handling. Root cause: XML injection in SAML processing. Impact: high confidentiality, integrit...
CVE-2022-24670
ForgeRock Access Management (multiple versions, including 6.0.0.x–7.1.1.x) is affected by CVE-2022-24670. The root cause is unrestricted LDAP queries that allow an attacker to determine configuration entries, leading to potential information disclosure about deployment configuration (C: HIGH). Th...
CVE-2021-37153
ForgeRock Access Management (AM) prior to 7.0.2 is affected when configured with Active Directory as the Identity Store. The issue is an authentication bypass that can impact confidentiality, integrity, and availability (CVSS v3.1: 9.8; base score 7.5/2.0). Concrete root cause and exploit details...
CVE-2018-7272
ForgeRock AM before 5.5.0 exposes SSOToken IDs in REST API URLs, allowing attackers with access to logs to extract sensitive information. The root cause is including SSOToken identifiers in URLs, which can be retrieved from log files and reveal token values. Impact is limited to information discl...