Vulnerabilities > Forgerock > Access Management > 7.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-25566 | Open Redirect vulnerability in Forgerock Access Management An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. | 6.1 |
| 2024-03-27 | CVE-2023-0582 | Path Traversal vulnerability in Forgerock Access Management Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. | 9.8 |
| 2023-04-14 | CVE-2022-3748 | Unspecified vulnerability in Forgerock Access Management Improper Authorization vulnerability in ForgeRock Inc. | 9.8 |
| 2022-10-27 | CVE-2022-24669 | Missing Authorization vulnerability in Forgerock Access Management It may be possible to gain some details of the deployment through a well-crafted attack. | 6.5 |
| 2022-10-27 | CVE-2022-24670 | Unspecified vulnerability in Forgerock Access Management An attacker can use the unrestricted LDAP queries to determine configuration entries | 6.5 |
| 2022-02-14 | CVE-2021-4201 | Improper Authentication vulnerability in Forgerock Access Management Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. | 9.8 |
| 2021-08-25 | CVE-2021-37153 | Unspecified vulnerability in Forgerock Access Management ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. | 9.8 |
| 2021-08-25 | CVE-2021-37154 | XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | 9.8 |