2 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13. • https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14 https://backstage.forgerock.com/knowledge/kb/article/a14149722 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS) Cuando el conector LDAP es iniciado con StartTLS configurado, es concedido acceso no autenticado. Este problema afecta a: todas las versiones del conector LDAP anteriores a 1.5.20.9. El conector LDAP es incluido con Identity Management (IDM) y Remote Connector Server (RCS) • https://backstage.forgerock.com/downloads/browse/idm/featured/connectors https://backstage.forgerock.com/knowledge/kb/article/a11380515 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •