
CVSS: 8.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects Access Management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. • https://backstage.forgerock.com/downloads/browse/am/featured • https://backstage.forgerock.com/knowledge/kb/article/a64088600 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services. • https://backstage.forgerock.com/downloads/browse/am/featured • https://backstage.forgerock.com/knowledge/kb/article/a90639318 • CWE-862: Missing Authorization

CVSS: 7.1 | EPSS: 0% | CPEs: 9 | EXPL: 0

An attacker can use the unrestricted LDAP queries to determine configuration entries. • https://backstage.forgerock.com/downloads/browse/am/featured • https://backstage.forgerock.com/knowledge/kb/article/a90639318 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 | EPSS: 0% | CPEs: 20 | EXPL: 0

Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions. • https://backstage.forgerock.com/knowledge/kb/article/a50037155#x7ZPA0 • CWE-284: Improper Access Control • CWE-287: Improper Authentication

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. • https://backstage.forgerock.com/knowledge/kb/article/a55763454 • https://www.forgerock.com/platform/access-management