forgerock
Latest CVEs
The 15 most recently published vulnerabilities affecting forgerock.
- CVE-2024-25566: Open Redirect in PingAM (CVSS 6.1)
- CVE-2023-0582: Path Traversal in ForgeRock Access Management (CVSS 8.1)
- CVE-2022-3748: Improper authorization that can lead to account impersonation (CVSS 9.8)
- CVE-2023-1656: When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection (CVSS 7.5)
- CVE-2023-0511: AM Java Policy Agent path traversal (CVSS 9.1)
- CVE-2023-0339: AM Web Policy Agent path traversal (CVSS 9.1)
- CVE-2022-24669: Anonymous users can register / de-register for configuration change notifications (CVSS 6.5)
- CVE-2022-24670: Any user can run unrestricted LDAP queries against a configuration endpoint (CVSS 7.1)
- CVE-2022-0143: LDAP Connector: when StartTLS is used, the LDAP connector ignores a wrong password (CVSS 9.3)
- CVE-2021-4201: Pre-authentication session hijacking (CVSS 9.6)
- CVE-2021-37153: ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue (CVSS 9.8)
- CVE-2021-37154: In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion (CVSS 9.8)
- CVE-2021-35464: ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execut... [KEV] (CVSS 9.8)
- CVE-2021-29156: ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retriev... (CVSS 7.5)
- CVE-2020-17465: Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6 (CVSS 6.1)