Vulnerabilities > Forgerock
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-14 | CVE-2022-3748 | Unspecified vulnerability in Forgerock Access Management Improper Authorization vulnerability in ForgeRock Inc. | 9.8 |
| 2023-03-29 | CVE-2023-1656 | Cleartext Transmission of Sensitive Information vulnerability in Forgerock Ldap Connector Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. | 7.5 |
| 2023-02-28 | CVE-2023-0339 | Path Traversal vulnerability in Forgerock web Policy Agents 5.10/5.10.1 Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1 | 9.8 |
| 2023-02-28 | CVE-2023-0511 | Path Traversal vulnerability in Forgerock Java Policy Agents 5.10.1 Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1 | 9.8 |
| 2022-10-27 | CVE-2022-24669 | Missing Authorization vulnerability in Forgerock Access Management It may be possible to gain some details of the deployment through a well-crafted attack. | 6.5 |
| 2022-10-27 | CVE-2022-24670 | Unspecified vulnerability in Forgerock Access Management An attacker can use the unrestricted LDAP queries to determine configuration entries | 6.5 |
| 2022-02-14 | CVE-2021-4201 | Improper Authentication vulnerability in Forgerock Access Management Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. | 7.5 |
| 2021-08-25 | CVE-2021-37153 | Unspecified vulnerability in Forgerock Access Management ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. | 7.5 |
| 2021-08-25 | CVE-2021-37154 | XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | 10.0 |
| 2021-07-22 | CVE-2021-35464 | Deserialization of Untrusted Data vulnerability in Forgerock AM and Openam ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. | 10.0 |