CVE-2023-1656
Published Mar 29, 2023
Last updated a year ago
Overview
- Description
- Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials. This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.
- Source
- psirt@forgerock.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:forgerock:ldap_connector:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6C49376-B78D-4BCF-A2A3-710F066094AF",
            "versionEndExcluding": "1.5.20.14",
            "versionStartIncluding": "1.5.20.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]