High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-29	CVE-2023-1656	Cleartext Transmission of Sensitive Information vulnerability in Forgerock Ldap Connector Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. network low complexity forgerock CWE-319	7.5
2021-03-25	CVE-2021-29156	Injection vulnerability in Forgerock Openam ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. network low complexity forgerock CWE-74	7.5
2019-08-05	CVE-2019-3800	Information Exposure vulnerability in multiple products CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. local low complexity pivotal apigee newrelic microsoft appdynamics bluemedora contrastsecurity cyberark datadoghq datastax dynatrace forgerock google ibm pagerduty riverbed signalsciences wavefront tibco solace snyk samba splunk sumologic synopsys yugabyte anynines CWE-200	7.8
2017-02-03	CVE-2016-6500	Improper Input Validation vulnerability in Forgerock Racf Connector 1.1.0.0 Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning. network high complexity forgerock CWE-20	8.1
2017-01-02	CVE-2016-10097	XXE vulnerability in Forgerock Openam 10.1.0 XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. network low complexity forgerock CWE-611	7.5