{"api_version":"1","generated_at":"2026-04-23T09:53:15+00:00","cve":"CVE-2023-1656","urls":{"html":"https://cve.report/CVE-2023-1656","api":"https://cve.report/api/cve/CVE-2023-1656.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-1656","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-1656"},"summary":{"title":"CVE-2023-1656","description":"Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.","state":"PUBLIC","assigner":"psirt@forgerock.com","published_at":"2023-03-29 20:15:00","updated_at":"2023-11-07 04:04:00"},"problem_types":["CWE-319"],"metrics":[],"references":[{"url":"https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14","name":"https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14","refsource":"MISC","tags":[],"title":"Downloads - BackStage","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://backstage.forgerock.com/knowledge/kb/article/a14149722","name":"https://backstage.forgerock.com/knowledge/kb/article/a14149722","refsource":"MISC","tags":[],"title":"IDM Security Advisory #202303 | ForgeRock Backstage","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-1656","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1656","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"1656","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forgerock","cpe5":"ldap_connector","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-1656","ASSIGNER":"psirt@forgerock.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-319 Cleartext Transmission of Sensitive Information","cweId":"CWE-319"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"ForgeRock Inc.","product":{"product_data":[{"product_name":"OpenIDM and Java Remote Connector Server (RCS)","version":{"version_data":[{"version_affected":"<=","version_name":"1.5.20.9","version_value":"1.5.20.13"}]}}]}}]}},"references":{"reference_data":[{"url":"https://backstage.forgerock.com/knowledge/kb/article/a14149722","refsource":"MISC","name":"https://backstage.forgerock.com/knowledge/kb/article/a14149722"},{"url":"https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14","refsource":"MISC","name":"https://backstage.forgerock.com/downloads/browse/idm/all/productId:idm-connectors/subProductId:ldap/minorVersion:1.5/version:1.5.20.14"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"advisory":"202303","discovery":"EXTERNAL"},"solution":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade to LDAP connector version 1.5.20.14 or later"}],"value":"Upgrade to LDAP connector version 1.5.20.14 or later"}],"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-03-29 20:15:00","lastModifiedDate":"2023-11-07 04:04:00","problem_types":["CWE-319"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:forgerock:ldap_connector:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.20.9","versionEndExcluding":"1.5.20.14","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}