Vulnerabilities > Forgerock > Access Management > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-14 CVE-2022-3748 Unspecified vulnerability in Forgerock Access Management
Improper Authorization vulnerability in ForgeRock Inc.
network
low complexity
forgerock
critical
 9.8
9.8
2021-08-25 CVE-2021-37154 XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management
In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.
network
low complexity
forgerock CWE-91
critical
 10.0
10