Vulnerabilities > Forgerock > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-14 CVE-2022-3748 Unspecified vulnerability in Forgerock Access Management
Improper Authorization vulnerability in ForgeRock Inc.
network
low complexity
forgerock
critical
 9.8
9.8
2023-02-28 CVE-2023-0339 Path Traversal vulnerability in Forgerock web Policy Agents 5.10/5.10.1
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
network
low complexity
forgerock CWE-22
critical
 9.8
9.8
2023-02-28 CVE-2023-0511 Path Traversal vulnerability in Forgerock Java Policy Agents 5.10.1
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
network
low complexity
forgerock CWE-22
critical
 9.8
9.8
2022-09-19 CVE-2022-0143 Incorrect Authorization vulnerability in Forgerock Ldap Connector
When the LDAP connector is started with StartTLS configured, unauthenticated access is granted.
network
low complexity
forgerock CWE-863
critical
 9.8
9.8
2022-02-14 CVE-2021-4201 Improper Authentication vulnerability in Forgerock Access Management
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions.
network
low complexity
forgerock CWE-287
critical
 9.8
9.8
2021-08-25 CVE-2021-37153 Unspecified vulnerability in Forgerock Access Management
ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue.
network
low complexity
forgerock
critical
 9.8
9.8
2021-08-25 CVE-2021-37154 XML Injection (aka Blind XPath Injection) vulnerability in Forgerock Access Management
In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.
network
low complexity
forgerock CWE-91
critical
 9.8
9.8
2021-07-22 CVE-2021-35464 Deserialization of Untrusted Data vulnerability in Forgerock AM and Openam
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.
network
low complexity
forgerock CWE-502
critical
 9.8
9.8