Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-1656
HistoryMar 29, 2023 - 8:15 p.m.

CVE-2023-1656

2023-03-2920:15:07
CWE-319
[email protected]
web.nvd.nist.gov
1
forgerock inc
openidm
java remote connector server
ldap connector
cleartext transmission
sensitive information
vulnerability
windows
macos
linux
remote services
stolen credentials
cve-2023-1656

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

50.3%

JSON

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.

Affected configurations

NVD
Node
forgerockldap_connectorRange1.5.20.91.5.20.14

Related

cve 1
prion 1
cvelist 1
cve
cve
CVE-2023-1656
2023-03-29 20:15:07
prion
prion
Code injection
2023-03-29 20:15:00
cvelist
cvelist
CVE-2023-1656 When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.
2023-03-29 19:55:13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

50.3%

JSON
Related for NVD:CVE-2023-1656
cve1prion1cvelist1