Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms allows remote unauthenticated attackers to hijack sessions, including potentially admin-level sessions. This issue affects: ForgeRock Access Management 7.1 versions prior to 7.1.1; 6.5 versions prior to 6.5.4; all previous versions.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Access_management | Forgerock | 5.5.2 (including) | 5.5.2 (including) |
| Access_management | Forgerock | 6.0.0 (including) | 6.0.0 (including) |
| Access_management | Forgerock | 6.0.0.1 (including) | 6.0.0.1 (including) |
| Access_management | Forgerock | 6.0.0.2 (including) | 6.0.0.2 (including) |
| Access_management | Forgerock | 6.0.0.3 (including) | 6.0.0.3 (including) |
| Access_management | Forgerock | 6.0.0.4 (including) | 6.0.0.4 (including) |
| Access_management | Forgerock | 6.0.0.6 (including) | 6.0.0.6 (including) |
| Access_management | Forgerock | 6.0.0.7 (including) | 6.0.0.7 (including) |
| Access_management | Forgerock | 6.5.0 (including) | 6.5.0 (including) |
| Access_management | Forgerock | 6.5.0.1 (including) | 6.5.0.1 (including) |
| Access_management | Forgerock | 6.5.0.2 (including) | 6.5.0.2 (including) |
| Access_management | Forgerock | 6.5.1 (including) | 6.5.1 (including) |
| Access_management | Forgerock | 6.5.2.1 (including) | 6.5.2.1 (including) |
| Access_management | Forgerock | 6.5.2.2 (including) | 6.5.2.2 (including) |
| Access_management | Forgerock | 6.5.2.3 (including) | 6.5.2.3 (including) |
| Access_management | Forgerock | 6.5.3 (including) | 6.5.3 (including) |
| Access_management | Forgerock | 7.0.0 (including) | 7.0.0 (including) |
| Access_management | Forgerock | 7.0.1 (including) | 7.0.1 (including) |
| Access_management | Forgerock | 7.0.2 (including) | 7.0.2 (including) |
| Access_management | Forgerock | 7.1.0 (including) | 7.1.0 (including) |