CVE-2021-37153 — CVSS 9.8 (critical): ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass…
CVE-2021-37154 — CVSS 9.8 (critical): In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0…
CVE-2021-4201 — CVSS 9.6 (critical): Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers…
CVE-2023-0582 — CVSS 8.1 (high): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows…
CVE-2022-24669 — CVSS 6.5 (medium): It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe…
CVE-2018-7272 — CVSS 6.5 (medium): The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information…
CVE-2024-25566 — CVSS 6.1 (medium): An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could…
CVE-2017-14395 — CVSS 6.1 (medium): Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not…
CVE-2017-14394 — CVSS 6.1 (medium): OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not…