Vulnerability Description
When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management (IDM) and Remote Connector Server (RCS).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ForgeRock | LDAP Connector | < 1.5.20.9 |
Related Weaknesses (CWE)
References
- https://backstage.forgerock.com/downloads/browse/idm/featured/connectors (Patch, Vendor Advisory)
- https://backstage.forgerock.com/knowledge/kb/article/a11380515 (Patch, Vendor Advisory)
FAQ
What is CVE-2022-0143?
CVE-2022-0143 is a vulnerability with a CVSS score of 9.3 (CRITICAL). When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled ...
How severe is CVE-2022-0143?
CVE-2022-0143 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-0143?
Check the references section above for vendor advisories and patch information. Affected products include: ForgeRock LDAP Connector.