CVE-2023-0511 CRITICAL

CVE-2023-0511: AM Java Policy Agent path traversal

Vendor Forgerock

Product Access Management Java Policy Agent

Weakness CWE-23

Published February 28, 2023

Last update April 14, 2025

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

Description

Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1

Key dates

Disclosure timeline

February 28, 2023 CVE published

April 14, 2025 Record updated

Identifiers

CVE CVE-2023-0511

CWE CWE-23

CVSS 9.1 / CRITICAL

Affected versions

Vendor Forgerock

Product Access Management Java Policy Agent

Affected ≥ 1.0.0 and ≤ 5.10.1