CVE-2023-0582 – Path Traversal in ForgeRock Access Management
https://notcve.org/view.php?id=CVE-2023-0582
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects Access Management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. • https://backstage.forgerock.com/downloads/browse/am/featured https://backstage.forgerock.com/knowledge/kb/article/a64088600 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-3748 – Improper authorization that can lead to account impersonation
https://notcve.org/view.php?id=CVE-2022-3748
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0. • https://backstage.forgerock.com/downloads/browse/am/all/productId:am https://backstage.forgerock.com/knowledge/kb/article/a34332318 https://backstage.forgerock.com/knowledge/kb/article/a92134872 • CWE-285: Improper Authorization •
CVE-2023-1656 – When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.
https://notcve.org/view.php?id=CVE-2023-1656
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, macOS, Linux allows Remote Services with Stolen Credentials. This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13. • https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14 https://backstage.forgerock.com/knowledge/kb/article/a14149722 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2023-0511 – AM Java Policy Agent path traversal
https://notcve.org/view.php?id=CVE-2023-0511
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1. • https://backstage.forgerock.com/downloads/browse/am/featured/java-agents https://backstage.forgerock.com/knowledge/kb/article/a21576868 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVE-2023-0339 – AM Web Policy Agent path traversal
https://notcve.org/view.php?id=CVE-2023-0339
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1. • https://backstage.forgerock.com/downloads/browse/am/featured/web-agents https://backstage.forgerock.com/knowledge/kb/article/a21576868 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •