← Retour aux CVEs
CVE-2025-20628
N/ADescription
An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.
Details CVE
Score CVSS v3.1N/A
Publie4/7/2026
Derniere modification4/8/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-1220
References
https://backstage.forgerock.com/knowledge/advisories/article/a14305629?rev=_newest(responsible-disclosure@pingidentity.com)
https://backstage.pingidentity.com/downloads/browse/idm/featured(responsible-disclosure@pingidentity.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.