Vulmon
forgerock access management 7.0.2 vulnerabilities and exploits
10
CVSSv2
CVE-2021-37154
In ForgeRock Access Management (AM) prior to 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.
Forgerock Access Management
7.5
CVSSv2
CVE-2021-4201
Missing access control in ForgeRock Access Management 7.1.0 and previous versions on all platforms allows remote unauthenticated malicious users to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions b...
Forgerock Access Management 5.5.2
Forgerock Access Management 6.0.0
Forgerock Access Management 6.0.0.1
Forgerock Access Management 6.0.0.2
Forgerock Access Management 6.0.0.3
Forgerock Access Management 6.0.0.4
Forgerock Access Management 6.0.0.6
Forgerock Access Management 6.0.0.7
Forgerock Access Management 6.5.0
Forgerock Access Management 6.5.0.1
Forgerock Access Management 6.5.0.2
Forgerock Access Management 6.5.1
Forgerock Access Management 6.5.2.1
Forgerock Access Management 6.5.2.2
Forgerock Access Management 6.5.2.3
Forgerock Access Management 6.5.3
Forgerock Access Management 7.0.0
Forgerock Access Management 7.0.1
Forgerock Access Management 7.0.2
Forgerock Access Management 7.1.0
7.5
CVSSv2
CVE-2021-37153
ForgeRock Access Management (AM) prior to 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue.
Forgerock Access Management
NA
CVE-2023-0582
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: prior to 7.3.0, prior to 7.2.1, prior to 7.1.4, up to and including 7.0.2.