VYPR

Access Management

by Forgerock

CVEs (11)

  • CVE-2023-0582Mar 27, 2024
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.

  • CVE-2022-3748Apr 14, 2023
    risk 0.00cvss epss 0.01

    Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0.

  • CVE-2023-0511Feb 28, 2023
    risk 0.00cvss epss 0.01

    Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1

  • CVE-2023-0339Feb 28, 2023
    risk 0.00cvss epss 0.01

    Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1

  • CVE-2022-24669Oct 27, 2022
    risk 0.00cvss epss 0.00

    It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services.

  • CVE-2022-24670Oct 27, 2022
    risk 0.00cvss epss 0.01

    An attacker can use the unrestricted LDAP queries to determine configuration entries

  • CVE-2021-4201Feb 14, 2022
    risk 0.00cvss epss 0.02

    Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1;…

  • CVE-2021-37153Aug 25, 2021
    risk 0.00cvss epss 0.01

    ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue.

  • CVE-2021-37154Aug 25, 2021
    risk 0.00cvss epss 0.01

    In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.

  • CVE-2017-14395Jun 19, 2019
    risk 0.00cvss epss 0.01

    Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS.

  • CVE-2017-14394Jun 19, 2019
    risk 0.00cvss epss 0.01

    OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect.