Vulnerability Details : CVE-2022-24669
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services.
Products affected by CVE-2022-24669
- cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*
- Forgerock » Access ManagementVersions from including (>=) 6.5.2.1 and up to, including, (<=) 6.5.2.3cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*
- cpe:2.3:a:forgerock:access_management:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:forgerock:access_management:6.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:forgerock:access_management:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:forgerock:access_management:6.5.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-24669
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 38 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-24669
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.9
|
2.5
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.9
|
2.5
|
ForgeRock, Inc. |
CWE ids for CVE-2022-24669
-
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.Assigned by:
- nvd@nist.gov (Primary)
- psirt@forgerock.com (Secondary)
References for CVE-2022-24669
-
https://backstage.forgerock.com/downloads/browse/am/featured
Downloads - BackStageProduct
-
https://backstage.forgerock.com/knowledge/kb/article/a90639318
AM Security Advisory #202204 | ForgeRock BackstageVendor Advisory
Jump to