PT-2023-16321 · Forgerock · Forgerock Access Management Java Policy Agent

Robert Byrne

Publicado

2023-02-28

Atualizado

2023-03-09

CVE-2023-0511

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ForgeRock Access Management Java Policy Agent versions up to 5.10.1

Description The issue is related to a Relative Path Traversal vulnerability that allows Authentication Bypass in the ForgeRock Access Management Java Policy Agent.

Recommendations For versions up to 5.10.1, update to a version later than 5.10.1 to resolve the issue. At the moment, there is no information about other mitigation measures for this vulnerability.

Correção

Path traversal

Relative Path Traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22CWE-23

Identificadores relacionados

CVE-2023-0511

Produtos afetados

Forgerock Access Management Java Policy Agent

PT-2023-16321 · Forgerock · Forgerock Access Management Java Policy Agent

CVE-2023-0511

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5