15 matches found
Microsoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms
Identity is the backbone of modern cybersecurity. Every access decision carries risk, across employees, partners, devices, workloads, and an expanding set of AI-powered agents. But most organizations are still operating across disparate systems. Identity signals are captured in one place, access...
EUVD-2026-19941
OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via jato.clientSession Deserialization in OpenAM...
PT-2026-30917
Name of the Vulnerable Software and Affected Versions OpenAM versions prior to 16.0.6 Description Open Access Management OpenAM is an access management solution. An unauthenticated attacker can achieve arbitrary command execution on the server through unsafe Java deserialization. This occurs when...
CVE-2026-29192
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0...
com.itextpdf:bouncy-castle-fips-adapter (=9.6.0), org.openidentityplatform.opendj:opendj-cli (=4.10.2) +70 more potentially affected by CVE-2025-12194 via org.bouncycastle:bc-fips (=2.1.1)
org.bouncycastle:bc-fips MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted: - com.itextpdf:bouncy-castle-fips-adapter =9.6.0 - org.openidentityplatform.opendj:opendj-cli =4.10.2 -...
PT-2024-27471 · User Oidc · User Oidc
Name of the Vulnerable Software and Affected Versions: user oidc app versions prior to 3.0.0 user oidc app versions prior to 4.0.0 user oidc app versions prior to 5.0.0 Description: The issue is related to missing access control on the ID4me endpoint, allowing an attacker to register an account a...
com.srcclr:srcclr-maven-plugin (>=3.1.23 <=3.1.25), org.keycloak:keycloak-crypto-fips1402 (>=19.0.0 <=25.0.6) +17 more potentially affected by CVE-2024-34447 via org.bouncycastle:bctls-fips (>=1.0.12.2 <=1.0.18)
org.bouncycastle:bctls-fips MAVEN version =1.0.12.2, =3.1.23, =19.0.0, =14.7.0.0, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.6.3 and more Source cves: CVE-2024-34447 Source advisory:...
CVE-2023-46241 Potential account take over due to unverified emails from Microsoft Identity Platform
discourse-microsoft-auth is a plugin that enables authentication via Microsoft. On sites with the discourse-microsoft-auth plugin enabled, an attack can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than...
IBM Security Directory Suite VA Resource Management Error Vulnerability
IBM Security Directory Suite is a scalable, standards-based identity platform from International Business Machines IBM that simplifies identity and directory management. A resource management error vulnerability exists in IBM Security Directory Suite VA, which can be exploited by an attacker to...
Improper Authorization and Origin Validation Error in OneFuzz
Impact Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be: Version 2.12.0 or greater Deployed...
GHSA-Q5VH-6WHW-X745 Improper Authorization and Origin Validation Error in OneFuzz
Impact Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be: Version 2.12.0 or greater Deployed...
TokenTactics - Azure JWT Token Manipulation Toolset
Azure JSON Web Token "JWT" Manipulation Toolset Azure access tokens allow you to authenticate to certain endpoints as a user who signs in with a device code. Even if they used multi-factor authentication. Once you have a user's access token, it may be possible to access certain apps such as...
Unauthorized Access Vulnerability in Unified Identity Platform of Lianhe Technology Co.
Lianyi Technology Co., Ltd. was registered and established on July 05, 2004 in Guangzhou Administration for Industry and Commerce. The company's business scope includes software development; information system integration services; information technology consulting services and so on. An...
Protecting your remote workforce from application-based attacks like consent phishing
The global pandemic has dramatically shifted how people work. As a result, organizations around the world have scaled up cloud services to support collaboration and productivity from home. We’re also seeing more apps leverage Microsoft’s identity platform to ensure seamless access and integrated...
Authentication Bypass Vulnerability Found in Auth0 Identity Platform
A critical authentication bypass vulnerability has been discovered in one of the biggest identity-as-a-service platform Auth0 that could have allowed a malicious attacker to access any portal or application, which are using Auth0 service for authentication. Auth0 offers token-based authentication...