CVE-2023-0582 – Path Traversal in ForgeRock Access Management
https://notcve.org/view.php?id=CVE-2023-0582
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects Access Management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2. • https://backstage.forgerock.com/downloads/browse/am/featured https://backstage.forgerock.com/knowledge/kb/article/a64088600 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-3748 – Improper authorization that can lead to account impersonation
https://notcve.org/view.php?id=CVE-2022-3748
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0. • https://backstage.forgerock.com/downloads/browse/am/all/productId:am https://backstage.forgerock.com/knowledge/kb/article/a34332318 https://backstage.forgerock.com/knowledge/kb/article/a92134872 • CWE-285: Improper Authorization
CVE-2022-24670 – Any user can run unrestricted LDAP queries against a configuration endpoint
https://notcve.org/view.php?id=CVE-2022-24670
An attacker can use the unrestricted LDAP queries to determine configuration entries. • https://backstage.forgerock.com/downloads/browse/am/featured https://backstage.forgerock.com/knowledge/kb/article/a90639318 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor