Vulnerabilities > Forgerock > Access Management > 7.1.0

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-25566 Open Redirect vulnerability in Forgerock Access Management
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs.
network
low complexity
forgerock CWE-601
6.1
2024-03-27 CVE-2023-0582 Path Traversal vulnerability in Forgerock Access Management
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.
network
low complexity
forgerock CWE-22
critical
9.8
2023-04-14 CVE-2022-3748 Unspecified vulnerability in Forgerock Access Management
Improper Authorization vulnerability in ForgeRock Inc.
network
low complexity
forgerock
critical
9.8
2022-10-27 CVE-2022-24669 Missing Authorization vulnerability in Forgerock Access Management
It may be possible to gain some details of the deployment through a well-crafted attack.
network
low complexity
forgerock CWE-862
6.5
2022-10-27 CVE-2022-24670 Unspecified vulnerability in Forgerock Access Management
An attacker can use the unrestricted LDAP queries to determine configuration entries
network
low complexity
forgerock
6.5
2022-02-14 CVE-2021-4201 Improper Authentication vulnerability in Forgerock Access Management
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions.
network
low complexity
forgerock CWE-287
critical
9.8