Description
When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS)
References
https://backstage.forgerock.com/downloads/browse/idm/featured/connectors
PatchVendor Advisory
https://backstage.forgerock.com/knowledge/kb/article/a11380515
PatchVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-09-19T22:15:10.843
2 years agoLast modified
2022-09-21T18:27:15.897
2 years ago