ICF Security Advisory #202102

Last updated Sep 25, 2023

ForgeRock has discovered two security vulnerabilities in the Identity Connector Framework (ICF).

April 20, 2021

ForgeRock has discovered two Medium-level security vulnerabilities present in supported versions of the Identity Connector Framework (ICF), which is part of the Remote Connector Server (RCS) implementation.

This advisory provides guidance on how to ensure your deployments are properly secured. The recommendation is to update ICF to version 1.5.20.0. The ICF is updated by upgrading the RCS.

Note

The vulnerabilities and upgrade only apply to the Java® version of RCS.

Customers can download the latest release of the Java RCS from Backstage.

See How do I upgrade the Java Remote Connector Server (RCS) for Advanced Identity Cloud and PingIDM? for instructions on upgrading the RCS.

Issue #20210201

Product: ICF
Affected versions: All prior to 1.5.20.0
Fixed versions: 1.5.20.0
Component: LDAP connector
Severity: Medium

Description:

A weak cipher was used to generate random values.

Workaround:

None.

Resolution:

Upgrade to ICF 1.5.20.

Issue #20210202

Product: ICF
Affected versions: All prior to 1.5.20.0
Fixed versions: 1.5.20.0
Component: Core Server
Severity: Medium

Description:

The XML handler allowed insecure documents.

Workaround:

None.

Resolution:

Upgrade to ICF 1.5.20.

Change Log

The following table tracks changes to the security advisory:

Date  Description
Sept 25, 2023  Added product tags to improve search
June 14, 2023  Corrected doc link
April 25, 2023  Updated tags to improve search
September 28, 2022  Fixed broken doc link
June 24, 2021  Added a Security taxon to improve categorization
April 20, 2021  Initial release