Vulnerabilities > Forgerock > Access Management > 6.5.4

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-25566 Open Redirect vulnerability in Forgerock Access Management
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs.
network
low complexity
forgerock CWE-601
6.1
2024-03-27 CVE-2023-0582 Path Traversal vulnerability in Forgerock Access Management
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.
network
low complexity
forgerock CWE-22
critical
9.8
2023-04-14 CVE-2022-3748 Unspecified vulnerability in Forgerock Access Management
Improper Authorization vulnerability in ForgeRock Inc.
network
low complexity
forgerock
critical
9.8
2022-10-27 CVE-2022-24669 Missing Authorization vulnerability in Forgerock Access Management
It may be possible to gain some details of the deployment through a well-crafted attack.
network
low complexity
forgerock CWE-862
6.5
2022-10-27 CVE-2022-24670 Unspecified vulnerability in Forgerock Access Management
An attacker can use the unrestricted LDAP queries to determine configuration entries
network
low complexity
forgerock
6.5
2021-08-25 CVE-2021-37153 Unspecified vulnerability in Forgerock Access Management
ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue.
network
low complexity
forgerock
critical
9.8
2021-08-25 CVE-2021-37154 XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management
In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.
network
low complexity
forgerock CWE-91
critical
9.8