CVE-2025-20628— Insufficient granularity of access control for Remote Connector Servers in client mode

Insufficient granularity of access control for Remote Connector Servers in client mode

An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.

N/A

CWE-1220

PingIdentity PingIDM 安全漏洞

PingIdentity PingIDM是美国PingIdentity公司的一个身份数据管理平台。 PingIdentity PingIDM存在安全漏洞，该漏洞源于访问控制粒度不足，可能导致攻击者拦截或修改身份的安全相关属性。

N/A

N/A