Vulnerabilities > Forgerock > Access Management > 5.5.1

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-25566 Open Redirect vulnerability in Forgerock Access Management
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs.
network
low complexity
forgerock CWE-601
6.1
2024-03-27 CVE-2023-0582 Path Traversal vulnerability in Forgerock Access Management
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.
network
low complexity
forgerock CWE-22
critical
9.8
2021-08-25 CVE-2021-37154 XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management
In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.
network
low complexity
forgerock CWE-91
critical
9.8
2021-07-22 CVE-2021-35464 Deserialization of Untrusted Data vulnerability in Forgerock Access Management and Openam
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.
network
low complexity
forgerock CWE-502
critical
9.8