CVE-2023-0582

Опубликовано: 27 мар. 2024

Источник: nvd

CVSS3: 8.1

CVSS3: 9.8

EPSS Низкий

Описание

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass.

This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.

Ссылки

https://backstage.forgerock.com/downloads/browse/am/featured
Product
https://backstage.forgerock.com/knowledge/kb/article/a64088600
Vendor Advisory
https://backstage.forgerock.com/downloads/browse/am/featured
Product
https://backstage.forgerock.com/knowledge/kb/article/a64088600
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*

Версия до 7.1.4 (исключая)

cpe:2.3:a:forgerock:access_management:7.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00035

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-5cwm-4qj6-4xfm

CVSS3: 8.1

github

почти 2 года назад

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.

EPSS

Процентиль: 10%

0.00035

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-22