Access Management
by Forgerock
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0582 | 0.00 | — | 0.01 | Mar 27, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. | |||
| CVE-2022-3748 | 0.00 | — | 0.01 | Apr 14, 2023 | Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0. | |||
| CVE-2023-0511 | 0.00 | — | 0.01 | Feb 28, 2023 | Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1 | |||
| CVE-2023-0339 | 0.00 | — | 0.01 | Feb 28, 2023 | Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1 | |||
| CVE-2022-24669 | 0.00 | — | 0.00 | Oct 27, 2022 | It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services. | |||
| CVE-2022-24670 | 0.00 | — | 0.01 | Oct 27, 2022 | An attacker can use the unrestricted LDAP queries to determine configuration entries | |||
| CVE-2021-4201 | 0.00 | — | 0.02 | Feb 14, 2022 | Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1;… | |||
| CVE-2021-37153 | 0.00 | — | 0.01 | Aug 25, 2021 | ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. | |||
| CVE-2021-37154 | 0.00 | — | 0.01 | Aug 25, 2021 | In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | |||
| CVE-2017-14395 | 0.00 | — | 0.01 | Jun 19, 2019 | Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS. | |||
| CVE-2017-14394 | 0.00 | — | 0.01 | Jun 19, 2019 | OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect. |
- CVE-2023-0582Mar 27, 2024risk 0.00cvss —epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.
- CVE-2022-3748Apr 14, 2023risk 0.00cvss —epss 0.01
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0.
- CVE-2023-0511Feb 28, 2023risk 0.00cvss —epss 0.01
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
- CVE-2023-0339Feb 28, 2023risk 0.00cvss —epss 0.01
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
- CVE-2022-24669Oct 27, 2022risk 0.00cvss —epss 0.00
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services.
- CVE-2022-24670Oct 27, 2022risk 0.00cvss —epss 0.01
An attacker can use the unrestricted LDAP queries to determine configuration entries
- CVE-2021-4201Feb 14, 2022risk 0.00cvss —epss 0.02
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1;…
- CVE-2021-37153Aug 25, 2021risk 0.00cvss —epss 0.01
ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue.
- CVE-2021-37154Aug 25, 2021risk 0.00cvss —epss 0.01
In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.
- CVE-2017-14395Jun 19, 2019risk 0.00cvss —epss 0.01
Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.
- CVE-2017-14394Jun 19, 2019risk 0.00cvss —epss 0.01
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.