Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

forgerock — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting forgerock. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ForgeRock provides identity and access management solutions, serving as a core authentication platform for enterprises. Historically, its products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with seven CVEs currently recorded. The platform's security characteristics include its widespread use in critical infrastructure, making any vulnerabilities particularly impactful. While no major public security incidents have been widely documented, the consistent discovery of CVEs suggests ongoing challenges in maintaining secure implementations across its complex authentication and authorization frameworks.

Top products by forgerock: Access Management LDAP Connector Access Management Web Policy Agent Access Management Java Policy Agent
CVE IDTitleCVSSSeverityPublished
CVE-2023-0582 Path Traversal in ForgeRock Access Managment — access managementCWE-22 8.1 High2024-03-27
CVE-2023-0511 AM Java Policy Agent path traversal — Access Management Java Policy AgentCWE-23 9.1 Critical2023-02-28
CVE-2023-0339 AM Web Policy Agent path traversal — Access Management Web Policy AgentCWE-23 9.1 Critical2023-02-28
CVE-2022-24669 Anonymous users can register / de-register for configuration change notifications — Access ManagementCWE-862 6.5 Medium2022-10-27
CVE-2022-24670 Any user can run unrestricted LDAP queries against a configuration endpoint — Access ManagementCWE-200 7.1 High2022-10-27
CVE-2022-0143 LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password — LDAP ConnectorCWE-284 9.3 Critical2022-09-19
CVE-2021-4201 Pre-authentication session hijacking — Access ManagementCWE-284 9.6 Critical2022-02-14

This page lists every published CVE security advisory associated with forgerock. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.