CVE-2023-0339: AM Web Policy Agent path traversal
First published: Tue Feb 28 2023(Updated: )
Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1
Credit: psirt@forgerock.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Forgerock Web Policy Agents | <=5.10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-0339.
What is the title of the vulnerability?
The title of the vulnerability is Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass.
Which versions of ForgeRock Access Management Web Policy Agent are affected?
All versions up to 5.10.1 of ForgeRock Access Management Web Policy Agent are affected.
What is the severity of the vulnerability?
The severity of the vulnerability is critical.
How can I fix the vulnerability?
To fix the vulnerability, update ForgeRock Access Management Web Policy Agent to version 5.10.1 or later.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/forgerock
- canonical/forgerock web policy agents
- version/forgerock web policy agents/5.10.1