Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Access Management Java Policy Agent by ForgeRock
CVE-2023-0511 (GCVE-0-2023-0511)
Vulnerability from nvd – Published: 2023-02-28 16:26 – Updated: 2025-04-14 17:04
VLAI
Title
AM Java Policy Agent path traversal
Summary
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ForgeRock | Access Management Java Policy Agent |
Affected:
1.0.0 , ≤ 5.10.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://backstage.forgerock.com/downloads/browse/am/featured/java-agents"
},
{
"tags": [
"x_transferred"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a21576868"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:46:18.752247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:46:27.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Management Java Policy Agent",
"vendor": "ForgeRock",
"versions": [
{
"lessThanOrEqual": "5.10.1",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.\u0026nbsp;\u003cp\u003eThis issue affects Access Management Java Policy Agent: all versions up to 5.10.1\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.\u00a0This issue affects Access Management Java Policy Agent: all versions up to 5.10.1"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:04:00.356Z",
"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"shortName": "ForgeRock"
},
"references": [
{
"url": "https://backstage.forgerock.com/downloads/browse/am/featured/java-agents"
},
{
"url": "https://backstage.forgerock.com/knowledge/kb/article/a21576868"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AM Java Policy Agent path traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"assignerShortName": "ForgeRock",
"cveId": "CVE-2023-0511",
"datePublished": "2023-02-28T16:26:19.817Z",
"dateReserved": "2023-01-26T11:42:00.071Z",
"dateUpdated": "2025-04-14T17:04:00.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0511 (GCVE-0-2023-0511)
Vulnerability from cvelistv5 – Published: 2023-02-28 16:26 – Updated: 2025-04-14 17:04
VLAI
Title
AM Java Policy Agent path traversal
Summary
Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ForgeRock | Access Management Java Policy Agent |
Affected:
1.0.0 , ≤ 5.10.1
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:49.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://backstage.forgerock.com/downloads/browse/am/featured/java-agents"
},
{
"tags": [
"x_transferred"
],
"url": "https://backstage.forgerock.com/knowledge/kb/article/a21576868"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T20:46:18.752247Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T20:46:27.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Management Java Policy Agent",
"vendor": "ForgeRock",
"versions": [
{
"lessThanOrEqual": "5.10.1",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.\u0026nbsp;\u003cp\u003eThis issue affects Access Management Java Policy Agent: all versions up to 5.10.1\u003c/p\u003e"
}
],
"value": "Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass.\u00a0This issue affects Access Management Java Policy Agent: all versions up to 5.10.1"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:04:00.356Z",
"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"shortName": "ForgeRock"
},
"references": [
{
"url": "https://backstage.forgerock.com/downloads/browse/am/featured/java-agents"
},
{
"url": "https://backstage.forgerock.com/knowledge/kb/article/a21576868"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "AM Java Policy Agent path traversal",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa",
"assignerShortName": "ForgeRock",
"cveId": "CVE-2023-0511",
"datePublished": "2023-02-28T16:26:19.817Z",
"dateReserved": "2023-01-26T11:42:00.071Z",
"dateUpdated": "2025-04-14T17:04:00.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}