ForgeRock Access Management

12 CVEs affecting ForgeRock Access Management. Latest disclosed: 2024-10-29. Critical: 5, High: 2.

Top CVEs affecting ForgeRock Access Management

| CVE | Severity | Score (CVSS) | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-3748 | Critical | 9.8 | 2023-04-14 | Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through… |
| CVE-2021-37154 | Critical | 9.8 | 2021-08-25 | In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. |
| CVE-2021-37153 | Critical | 9.8 | 2021-08-25 | ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. |
| CVE-2021-35464 | Critical | 9.8 | 2021-07-22 | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require… |
| CVE-2021-4201 | Critical | 9.6 | 2022-02-14 | Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, i… |
| CVE-2023-0582 | High | 8.1 | 2024-03-27 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This… |
| CVE-2022-24670 | High | 7.1 | 2022-10-27 | An attacker can use the unrestricted LDAP queries to determine configuration entries. |
| CVE-2022-24669 | Medium | 6.5 | 2022-10-27 | It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services. |
| CVE-2018-7272 | Medium | 6.5 | 2018-02-21 | The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID val… |
| CVE-2024-25566 | Medium | 6.1 | 2024-10-29 | An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to red… |
| CVE-2017-14395 | Medium | 6.1 | 2019-06-19 | OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect… |
| CVE-2017-14394 | Medium | 6.1 | 2019-06-19 | OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirec… |