CVE-2022-3748 - OpenCVE

Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Forgerock	Access Management

Configuration 1 [-]

cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://backstage.forgerock.com/downloads/browse/am/all/productId:am
https://backstage.forgerock.com/knowledge/kb/article/a34332318
https://backstage.forgerock.com/knowledge/kb/article/a92134872

History

No history.

MITRE

Status: PUBLISHED

Assigner: ForgeRock

Published: 2023-04-14T14:06:30.571Z

Updated: 2024-08-03T01:20:57.676Z

Reserved: 2022-10-28T15:07:25.617Z

Link: CVE-2022-3748

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-04-14T15:15:07.413

Modified: 2023-11-07T03:51:45.893

Link: CVE-2022-3748

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3748", "assignerOrgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa", "state": "PUBLISHED", "assignerShortName": "ForgeRock", "dateReserved": "2022-10-28T15:07:25.617Z", "datePublished": "2023-04-14T14:06:30.571Z", "dateUpdated": "2024-08-03T01:20:57.676Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Access Management", "vendor": "ForgeRock Inc.", "versions": [{"lessThanOrEqual": "7.2.0", "status": "affected", "version": "6.5.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. <span style=\"background-color: var(--wht);\">This issue affects Access Management: from 6.5.0 through 7.2.0.</span>"}], "value": "Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass.\u00a0This issue affects Access Management: from 6.5.0 through 7.2.0."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6b18ae97-0aab-4af2-9ba4-74b2b139ddfa", "shortName": "ForgeRock", "dateUpdated": "2023-04-14T15:57:03.114Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://backstage.forgerock.com/knowledge/kb/article/a92134872"}, {"tags": ["vendor-advisory"], "url": "https://backstage.forgerock.com/knowledge/kb/article/a34332318"}, {"tags": ["product"], "url": "https://backstage.forgerock.com/downloads/browse/am/all/productId:am"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper authorization that can lead to account impersonation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:57.676Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://backstage.forgerock.com/knowledge/kb/article/a92134872"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://backstage.forgerock.com/knowledge/kb/article/a34332318"}, {"tags": ["product", "x_transferred"], "url": "https://backstage.forgerock.com/downloads/browse/am/all/productId:am"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC241F8-7562-4EF8-9F10-A4E0FC698CD1", "versionEndIncluding": "7.2.0", "versionStartIncluding": "6.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass.\u00a0This issue affects Access Management: from 6.5.0 through 7.2.0."}], "id": "CVE-2022-3748", "lastModified": "2023-11-07T03:51:45.893", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@forgerock.com", "type": "Secondary"}]}, "published": "2023-04-14T15:15:07.413", "references": [{"source": "psirt@forgerock.com", "tags": ["Permissions Required"], "url": "https://backstage.forgerock.com/downloads/browse/am/all/productId:am"}, {"source": "psirt@forgerock.com", "tags": ["Vendor Advisory"], "url": "https://backstage.forgerock.com/knowledge/kb/article/a34332318"}, {"source": "psirt@forgerock.com", "tags": ["Vendor Advisory"], "url": "https://backstage.forgerock.com/knowledge/kb/article/a92134872"}], "sourceIdentifier": "psirt@forgerock.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "psirt@forgerock.com", "type": "Secondary"}]}