CVE-2022-0143

CRITICAL

LDAP connector <1.5.20.9 - Unauthenticated Access

Description

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS).

Scores

CVSS v3 9.3
EPSS 0.0053
EPSS Percentile 40.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-284 CWE-863
Status published
Products (1)
forgerock/ldap_connector < 1.5.20.9
Published Sep 19, 2022
Tracked Since Feb 18, 2026