← Voltar para CVEs
CVE-2025-20628
N/ADescricao
An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado4/7/2026
Ultima modificacao4/8/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-1220
Referencias
https://backstage.forgerock.com/knowledge/advisories/article/a14305629?rev=_newest(responsible-disclosure@pingidentity.com)
https://backstage.pingidentity.com/downloads/browse/idm/featured(responsible-disclosure@pingidentity.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.