漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insufficient granularity of access control for Remote Connector Servers in client mode
Vulnerability Description
An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.
CVSS Information
N/A
Vulnerability Type
CWE-1220
Vulnerability Title
PingIdentity PingIDM 安全漏洞
Vulnerability Description
PingIdentity PingIDM是美国PingIdentity公司的一个身份数据管理平台。 PingIdentity PingIDM存在安全漏洞,该漏洞源于访问控制粒度不足,可能导致攻击者拦截或修改身份的安全相关属性。
CVSS Information
N/A
Vulnerability Type
N/A