Vulnerabilities > Forgerock > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-03-29 | CVE-2023-1656 | Cleartext Transmission of Sensitive Information vulnerability in Forgerock Ldap Connector | Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. | 7.5 |
2021-03-25 | CVE-2021-29156 | Injection vulnerability in Forgerock Openam | ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. | 7.5 |
2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products | CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. | 7.8 |
2017-02-03 | CVE-2016-6500 | Improper Input Validation vulnerability in Forgerock Racf Connector 1.1.0.0 | Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning. | 8.1 |
2017-01-02 | CVE-2016-10097 | XXE vulnerability in Forgerock Openam 10.1.0 | XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. | 7.5 |