Vulnerabilities > Forgerock > Access Management > 5.5.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-29 | CVE-2024-25566 | Open Redirect vulnerability in Forgerock Access Management An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. | 6.1 |
2024-03-27 | CVE-2023-0582 | Path Traversal vulnerability in Forgerock Access Management Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. | 9.8 |
2021-08-25 | CVE-2021-37154 | XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | 9.8 |
2021-07-22 | CVE-2021-35464 | Deserialization of Untrusted Data vulnerability in Forgerock Access Management and Openam ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. | 9.8 |