Access Management Security Vulnerabilities and Issues — Access Management CVE List

Lucene search

ForgerockAccess Management

3 matches found

CVE•added 2021/07/22 6:15 p.m.•1147 views

CVE-2021-35464

ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability...

10CVSS9.7AI score0.94386EPSS

CVE•added 2021/08/25 9:15 p.m.•51 views

CVE-2021-37154

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.

10CVSS9.4AI score0.00534EPSS

CVE•added 2021/08/25 9:15 p.m.•30 views

CVE-2021-37153

ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue.

9.8CVSS9.4AI score0.00626EPSS