Security Advisory
ForgeRock Identity Platform
Does not apply to Identity Cloud

IDM Security Advisory #202002

Last updated Sep 28, 2022

A security vulnerability has been discovered in an IDM component. This issue is present in version 7.0.0 of ForgeRock Identity Management.


September 8, 2020

A security vulnerability has been discovered in an IDM component. The issue is present in IDM 7.0.0.

This advisory provides guidance on how to ensure your deployments can be secured. Workarounds or patches are available to resolve the issue.

The maximum severity of issues in this advisory is Critical. Deployers should take steps as outlined in this advisory and deploy the recommended workarounds or resolutions as described within each issue below.

Issue #202002-01: Authentication Error(s)

Product: ForgeRock Identity Management
Affected versions: IDM 7.0.0
Fixed versions: IDM 7.0.1
Component: IDM Remote Connector Server (RCS)
Severity: Critical

Description:

Servlet authentication bypasses IDM's authentication filter.

Workaround:

Disable endpoint.

Resolution:

Upgrade to IDM 7.0.1.

Change Log

The following table tracks changes to the security advisory:

Date                 Description
September 28, 2022   Fixed broken doc link
February 24, 2021    Added ForgeRock Identity Platform taxon to improve categorization
September 8, 2020    Initial release

Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.