← Volver a CVEs
CVE-2025-20628
N/ADescripcion
An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado4/7/2026
Ultima modificacion4/8/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-1220
Referencias
https://backstage.forgerock.com/knowledge/advisories/article/a14305629?rev=_newest(responsible-disclosure@pingidentity.com)
https://backstage.pingidentity.com/downloads/browse/idm/featured(responsible-disclosure@pingidentity.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.