Vulnerabilities > Forgerock > Access Management > 6.5.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-25566 | Open Redirect vulnerability in Forgerock Access Management An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. | 6.1 |
| 2024-03-27 | CVE-2023-0582 | Path Traversal vulnerability in Forgerock Access Management Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. | 9.8 |
| 2023-04-14 | CVE-2022-3748 | Unspecified vulnerability in Forgerock Access Management Improper Authorization vulnerability in ForgeRock Inc. | 9.8 |
| 2022-10-27 | CVE-2022-24669 | Missing Authorization vulnerability in Forgerock Access Management It may be possible to gain some details of the deployment through a well-crafted attack. | 6.5 |
| 2022-10-27 | CVE-2022-24670 | Unspecified vulnerability in Forgerock Access Management An attacker can use the unrestricted LDAP queries to determine configuration entries | 6.5 |
| 2021-08-25 | CVE-2021-37153 | Unspecified vulnerability in Forgerock Access Management ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. | 9.8 |
| 2021-08-25 | CVE-2021-37154 | XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | 9.8 |