CVE-2022-3748 - OpenCVE

Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Forgerock	Access Management

Configuration 1 [-]

cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*

References

Link	Resource
https://backstage.forgerock.com/downloads/browse/am/all/productId:am	Permissions Required
https://backstage.forgerock.com/knowledge/kb/article/a34332318	Vendor Advisory
https://backstage.forgerock.com/knowledge/kb/article/a92134872	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ForgeRock

Published: 2023-04-14T14:06:30.571Z

Updated: 2023-04-14T15:57:03.114Z

Reserved: 2022-10-28T15:07:25.617Z

Link: CVE-2022-3748

JSON object: View

NVD Information

Status : Modified

Published: 2023-04-14T15:15:07.413

Modified: 2023-11-07T03:51:45.893

Link: CVE-2022-3748

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-3748", "assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa", "state": "PUBLISHED", "assignerShortName": "ForgeRock", "dateReserved": "2022-10-28T15:07:25.617Z", "datePublished": "2023-04-14T14:06:30.571Z", "dateUpdated": "2023-04-14T15:57:03.114Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Access Management", "vendor": "ForgeRock Inc.", "versions": [{"lessThanOrEqual": "7.2.0", "status": "affected", "version": "6.5.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. <span style=\"background-color: var(--wht);\">This issue affects Access Management: from 6.5.0 through 7.2.0.</span>"}], "value": "Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass.\u00a0This issue affects Access Management: from 6.5.0 through 7.2.0."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa", "shortName": "ForgeRock", "dateUpdated": "2023-04-14T15:57:03.114Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://backstage.forgerock.com/knowledge/kb/article/a92134872"}, {"tags": ["vendor-advisory"], "url": "https://backstage.forgerock.com/knowledge/kb/article/a34332318"}, {"tags": ["product"], "url": "https://backstage.forgerock.com/downloads/browse/am/all/productId:am"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper authorization that can lead to account impersonation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC241F8-7562-4EF8-9F10-A4E0FC698CD1", "versionEndIncluding": "7.2.0", "versionStartIncluding": "6.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass.\u00a0This issue affects Access Management: from 6.5.0 through 7.2.0."}], "id": "CVE-2022-3748", "lastModified": "2023-11-07T03:51:45.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@forgerock.com", "type": "Secondary"}]}, "published": "2023-04-14T15:15:07.413", "references": [{"source": "psirt@forgerock.com", "tags": ["Permissions Required"], "url": "https://backstage.forgerock.com/downloads/browse/am/all/productId:am"}, {"source": "psirt@forgerock.com", "tags": ["Vendor Advisory"], "url": "https://backstage.forgerock.com/knowledge/kb/article/a34332318"}, {"source": "psirt@forgerock.com", "tags": ["Vendor Advisory"], "url": "https://backstage.forgerock.com/knowledge/kb/article/a92134872"}], "sourceIdentifier": "psirt@forgerock.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "psirt@forgerock.com", "type": "Secondary"}]}