Search criteria
2 vulnerabilities found for Access Management Java Policy Agent by ForgeRock
CVE-2023-0511 (GCVE-0-2023-0511)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:26 – Updated: 2025-04-14 17:04
VLAI
Title
AM Java Policy Agent path traversal
Summary
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
Severity
9.1 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ForgeRock | Access Management Java Policy Agent |
Affected:
1.0.0 , ≤ 5.10.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://backstage.forgerock.com/downloads/browse/am/featured/java-agents"
},
{
"tags": [
"x_transferred"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a21576868"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:46:18.752247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:46:27.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Management Java Policy Agent",
"vendor": "ForgeRock",
"versions": [
{
"lessThanOrEqual": "5.10.1",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.\u0026nbsp;\u003cp\u003eThis issue affects Access Management Java Policy Agent: all versions up to 5.10.1\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.\u00a0This issue affects Access Management Java Policy Agent: all versions up to 5.10.1"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:04:00.356Z",
"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"shortName": "ForgeRock"
},
"references": [
{
"url": "https://backstage.forgerock.com/downloads/browse/am/featured/java-agents"
},
{
"url": "https://backstage.forgerock.com/knowledge/kb/article/a21576868"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AM Java Policy Agent path traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"assignerShortName": "ForgeRock",
"cveId": "CVE-2023-0511",
"datePublished": "2023-02-28T16:26:19.817Z",
"dateReserved": "2023-01-26T11:42:00.071Z",
"dateUpdated": "2025-04-14T17:04:00.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0511 (GCVE-0-2023-0511)
Vulnerability from nvd – Published: 2023-02-28 16:26 – Updated: 2025-04-14 17:04
VLAI
Title
AM Java Policy Agent path traversal
Summary
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
Severity
9.1 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ForgeRock | Access Management Java Policy Agent |
Affected:
1.0.0 , ≤ 5.10.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://backstage.forgerock.com/downloads/browse/am/featured/java-agents"
},
{
"tags": [
"x_transferred"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a21576868"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:46:18.752247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:46:27.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Management Java Policy Agent",
"vendor": "ForgeRock",
"versions": [
{
"lessThanOrEqual": "5.10.1",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.\u0026nbsp;\u003cp\u003eThis issue affects Access Management Java Policy Agent: all versions up to 5.10.1\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.\u00a0This issue affects Access Management Java Policy Agent: all versions up to 5.10.1"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:04:00.356Z",
"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"shortName": "ForgeRock"
},
"references": [
{
"url": "https://backstage.forgerock.com/downloads/browse/am/featured/java-agents"
},
{
"url": "https://backstage.forgerock.com/knowledge/kb/article/a21576868"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AM Java Policy Agent path traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"assignerShortName": "ForgeRock",
"cveId": "CVE-2023-0511",
"datePublished": "2023-02-28T16:26:19.817Z",
"dateReserved": "2023-01-26T11:42:00.071Z",
"dateUpdated": "2025-04-14T17:04:00.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}