16 matches found

Vulnrichment
added 2026/02/24 8:51 a.m. · 5 views

CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

7.7 CVSS · 5.2 AI score · 0.00261 EPSS
Exploits 0 · References 1

Cvelist
added 2026/02/24 8:51 a.m. · 19 views

CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

7.7 CVSS · 0.00261 EPSS
Exploits 0 · References 1

CVE
added 2026/02/24 8:51 a.m. · 10 views

CVE-2024-1524

CVE-2024-1524 describes a risk when a federated IDP uses Silent Just-In-Time provisioning: if preconditions are met, a malicious actor could cause a targeted local user account to be linked to a federated IDP user they control, potentially replacing information in the local user store. The CVE is...

8.1 CVSS · 5.3 AI score · 0.00261 EPSS
Exploits 0 · References 1 · Affected Software 2

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-26268

Malware in sbrugna...

4.4 CVSS · 4.8 AI score · 0.00243 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2025/04/11 11:15 a.m. · 1 views

CVE-2025-23389

An Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3...

8.4 CVSS · 7.3 AI score · 0.00418 EPSS
Exploits 0 · References 3 · Affected Software 1

NVD
added 2025/01/22 4:15 p.m. · 16 views

CVE-2024-42012

GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate...

5.7 CVSS · 0.00142 EPSS
Exploits 0 · References 2

Cvelist
added 2023/05/05 6:17 p.m. · 24 views

CVE-2020-4914 IBM Cloud Pak System Software Suite session fixation

IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290...

4.2 CVSS · 5.2 AI score · 0.00148 EPSS
Exploits 0 · References 2

Cvelist
added 2022/12/09 1:30 p.m. · 13 views

CVE-2022-2752 Potential vulnerabilities in GM login process

A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. This issue affects: Secomea GateManager versions from 9.4 through 9.7...

5.5 CVSS · 7.6 AI score · 0.00178 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/12/09 12:0 a.m. · 4 views

PT-2022-18466 · Secomea · Secomea Gatemanager

Name of the Vulnerable Software and Affected Versions: Secomea GateManager versions 9.4 through 9.7 Description: A vulnerability in the web server of Secomea GateManager allows a local user to impersonate as the previous user under some failed login conditions. Recommendations: For Secomea...

7.8 CVSS · 7.5 AI score · 0.00178 EPSS
Exploits 0 · References 3

Prion
added 2022/08/01 4:15 p.m. · 16 views

Input validation

IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338...

1.7 CVSS · 5.2 AI score · 0.00214 EPSS
Exploits 0 · References 3 · Affected Software 1

ATTACKERKB
added 2022/07/29 12:0 a.m. · 3 views

CVE-2022-34164

IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338...

5.9 CVSS · 6.2 AI score · 0.00214 EPSS
Exploits 0 · References 4 · Affected Software 2

NVD
added 2021/01/08 7:15 p.m. · 16 views

CVE-2020-5021

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate session after a password reset which could allow a local user to impersonate another user on the system. IBM X-Force ID: 193657...

4.4 CVSS · 4.2 AI score · 0.00243 EPSS
Exploits 0 · References 2

Cvelist
added 2019/07/25 2:30 p.m. · 14 views

CVE-2019-4439

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949...

5.9 CVSS · 5 AI score · 0.00287 EPSS
Exploits 0 · References 2

IBM Security Bulletins
added 2019/07/23 7:15 p.m. · 18 views

Security Bulletin: IBM Cloud Private - Session not invalidated on logout (CVE-2019-4439)

Summary IBM Cloud Private - Session not invalidated on logout CVE-2019-4439 Vulnerability Details CVEID: CVE-2019-4439 DESCRIPTION: IBM Cloud private does not invalidate session after logout which could allow a local user to impersonate another user on the system. CVSS Base Score: 5.9 CVSS Tempor...

5.9 CVSS · 0.3 AI score · 0.00287 EPSS
Exploits 0 · Affected Software 1

OSV
added 2018/07/12 1:29 p.m. · 28 views

CVE-2018-1334

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application...

4.7 CVSS · 4.7 AI score · 0.00504 EPSS
Exploits 0 · References 2

CVE
added 2018/07/12 1:0 p.m. · 88 views

CVE-2018-1334

Apache Spark up to version 2.3.0 (affected: 1.0.0–2.1.2, 2.2.0–2.2.1, 2.3.0) is vulnerable to an impersonation flaw when using PySpark or SparkR that lets a different local user connect to a Spark application and impersonate the Spark user. The issue is confirmed across multiple sources (e.g., SU...

4.7 CVSS · 4.7 AI score · 0.00504 EPSS
Exploits 0 · References 2 · Affected Software 1