Security Advisory

IDM Security Advisory #202002

Last updated Sep 8, 2020

A security vulnerability has been discovered in an IDM component. This issue is present in version 7.0.0 of ForgeRock Identity Management.


September 8, 2020

A security vulnerability has been discovered in an IDM component. The issue is present in IDM 7.0.0.

This advisory provides guidance on how to ensure your deployments can be secured. Workarounds or patches are available to resolve the issue.

The maximum severity of issues in this advisory is Critical. Deployers should take steps as outlined in this advisory and deploy the recommended workarounds or resolutions as described within each issue below.

Issue #202002-01: Authentication Error(s)

Product: ForgeRock Identity Management
Affected versions: IDM 7.0.0
Fixed versions: IDM 7.0.1
Component: IDM Remote Connector Server (RCS)
Severity: Critical

Description:

Servlet authentication bypasses IDM's authentication filter.

Workaround:

Disable endpoint.

Resolution:

Upgrade to IDM 7.0.1.

Change Log

The following table tracks changes to the security advisory:

Date               Description
September 8, 2020  Initial release


Copyright © 2020 ForgeRock, all rights reserved.