PingIDM Access Control Vulnerability for Remote Connector Servers in Client Mode

Vulnerability

A vulnerability exists in PingIDM (formerly ForgeRock Identity Management) because its access control is not granular enough: administrators cannot properly configure access rules for Remote Connector Servers (RCS) operating in client mode. This flaw allows an attacker to spoof a client-mode RCS, where one is available, and intercept or modify sensitive identity properties such as passwords and account recovery details. The vulnerability is exploitable only when an RCS is configured to run in client mode.

Impact

Exploitation of this vulnerability could lead to unauthorized interception or modification of an identity's security-sensitive information, including passwords and account recovery data.

Added: Apr 8, 2026, 12:45 AM
Updated: Apr 8, 2026, 12:45 AM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         5.0
exploitability: 7.0
remediation:    0.0
relevance:      5.4
threat:         0.0
urgency:        10.0
incentive:      4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.