Vulnerabilities > Forgerock > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2023-03-29 | CVE-2023-1656 | Cleartext Transmission of Sensitive Information vulnerability in ForgeRock LDAP Connector | Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. | network | low complexity | forgerock CWE-319 | 7.5 |
| 2021-03-25 | CVE-2021-29156 | Injection vulnerability in ForgeRock OpenAM | ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. | network | low complexity | forgerock CWE-74 | 7.5 |
| 2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products | CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. | | | | 7.8 |
| 2017-02-03 | CVE-2016-6500 | Improper Input Validation vulnerability in ForgeRock RACF Connector 1.1.0.0 | Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning. | network | high complexity | forgerock CWE-20 | 8.1 |
| 2017-01-02 | CVE-2016-10097 | XXE vulnerability in ForgeRock OpenAM 10.1.0 | XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. | network | low complexity | forgerock CWE-611 | 7.5 |