← Zuruck zu CVEs
CVE-2025-20628
N/ABeschreibung
An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht4/7/2026
Zuletzt geandert4/8/2026
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-1220
Referenzen
https://backstage.forgerock.com/knowledge/advisories/article/a14305629?rev=_newest(responsible-disclosure@pingidentity.com)
https://backstage.pingidentity.com/downloads/browse/idm/featured(responsible-disclosure@pingidentity.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.