Vulnerabilities > Forgerock > Access Management > 6.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-14 | CVE-2022-3748 | Unspecified vulnerability in Forgerock Access Management Improper Authorization vulnerability in ForgeRock Inc. | 9.8 |
| 2022-10-27 | CVE-2022-24669 | Missing Authorization vulnerability in Forgerock Access Management It may be possible to gain some details of the deployment through a well-crafted attack. | 6.5 |
| 2022-10-27 | CVE-2022-24670 | Unspecified vulnerability in Forgerock Access Management An attacker can use the unrestricted LDAP queries to determine configuration entries | 6.5 |
| 2022-02-14 | CVE-2021-4201 | Improper Authentication vulnerability in Forgerock Access Management Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. | 7.5 |
| 2021-08-25 | CVE-2021-37153 | Unspecified vulnerability in Forgerock Access Management ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. | 7.5 |
| 2021-08-25 | CVE-2021-37154 | XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | 10.0 |