Lucene search
+L

666 matches found

cve
cve
added 2018/11/09 12:0 a.m.72 views

CVE-2018-1842

The CVE-2018-1842 issue affects IBM Cognos Analytics 11 Configuration tool. The root cause is a bypass of OIDC namespace signature verification on the id_token under certain conditions. This leads to a potential security impact where token validation may be weakened, allowing an attacker to explo...

3.6CVSS5.1AI score0.00263EPSS
Exploits0References5Affected Software1
akamaiblog
akamaiblog
added 2018/07/05 11:0 a.m.26 views

No Apps Left Behind on Your Zero Trust Journey

Complexity kills productivity. When it comes to enabling application access, enterprises should not have to choose between user experience and complex techniques that ensure application security. Traditionally, perimeter security is built on an assumption that whatever is inside the perimeter is...

7.2AI score
Exploits0
ibm
ibm
added 2018/06/15 7:7 a.m.19 views

Security Bulletin: traditional WebSphere Application Serverでの権限昇格の脆弱性(CVE-2017-1151)

Summary WebSphere Application Server traditional で、OpenID Connect OIDC Trust Association Interceptor TAIを使用する場合、管理者が意図しない権限昇格が発生する脆弱性が報告されました。 この脆弱性は、WebSphere Application Server Libertyには影響しません。 最新の情報は下記の文書(英語)をご参照ください。 Security Bulletin: Privilege Escalation Vulnerability in WebSphere Applicati...

8.1CVSS0.8AI score0.02237EPSS
Exploits0Affected Software1
ibm
ibm
added 2018/06/15 7:5 a.m.16 views

Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server for Bluemix (CVE-2016-0283)

Summary There is a cross-site scripting vulnerability in Liberty for Java for IBM Bluemix when using the OpenID Connect OIDC client. Vulnerability Details CVEID: CVE-2016-0283 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting in the OIDC client web application...

6.1CVSS0.6AI score0.01449EPSS
Exploits0Affected Software1
ibm
ibm
added 2018/06/15 7:5 a.m.21 views

Security Bulletin: Cross-site scripting vulnerability in Liberty for Java for IBM Bluemix (CVE-2016-0283)

Summary There is a cross-site scripting vulnerability in Liberty for Java for IBM Bluemix when using the OpenID Connect OIDC client. Vulnerability Details CVEID: CVE-2016-0283 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting in the OIDC client web application...

6.1CVSS0.7AI score0.01449EPSS
Exploits0Affected Software1
ibm
ibm
added 2018/06/15 7:5 a.m.14 views

Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server (CVE-2016-0283)

Summary There is a cross-site scripting vulnerability in WebSphere Application Server Liberty when using the OpenID Connect OIDC client. Vulnerability Details CVEID: CVE-2016-0283 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting in the OIDC client web applicatio...

6.1CVSS0.2AI score0.01449EPSS
Exploits0Affected Software2
cloudfoundry
cloudfoundry
added 2017/06/12 12:0 a.m.42 views

CVE-2017-8032: UAA Identity Zone Admin Privilege Escalation | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Versions Affected Please see additional information in the Mitigation section to determine if your foundation is affected. cf-release versions prior to v264 UAA release: All versions of UAA v2.x.x 3.6.x versions prior to v3.6.13 3.9.x versions prior t...

6.6CVSS6.6AI score0.00879EPSS
Exploits0
osv
osv
added 2017/05/16 5:29 p.m.17 views

CVE-2017-7662

Apache CXF Fediz ships with an OpenId Connect OIDC service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF Cross Style Request Forgery style vulnerability has been found in this web application in Apache CXF Fediz...

8.8CVSS6.8AI score0.01136EPSS
Exploits0References8
nvd
nvd
added 2017/05/16 5:29 p.m.21 views

CVE-2017-7662

Apache CXF Fediz ships with an OpenId Connect OIDC service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF Cross Style Request Forgery style vulnerability has been found in this web application in Apache CXF Fediz...

8.8CVSS8.6AI score0.01136EPSS
Exploits0References8
cvelist
cvelist
added 2017/05/16 5:0 p.m.26 views

CVE-2017-7662

Apache CXF Fediz ships with an OpenId Connect OIDC service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF Cross Style Request Forgery style vulnerability has been found in this web application in Apache CXF Fediz...

8.7AI score0.01136EPSS
Exploits0References8
cve
cve
added 2017/05/16 5:0 p.m.70 views

CVE-2017-7662

Apache CXF Fediz’s OpenID Connect Client Registration Service is vulnerable to CSRF in versions prior to 1.4.0 and 1.3.2. A malicious web app could create new clients or reset secrets after an admin logs in and the session remains active. The connected sources corroborate the same description acr...

8.8CVSS8.6AI score0.01136EPSS
Exploits0References8Affected Software1
nessus
nessus
added 2017/03/21 12:0 a.m.45 views

IBM WebSphere Application Server 8.0.0.10 < 8.0.0.14 / 8.5.5.3 < 8.5.5.12 / 9.0.0.0 < 9.0.0.4 OIDC Privilege Escalation

The IBM WebSphere Application Server running on the remote host is version 8.0.0.10 prior to 8.0.0.14, 8.5.5.3 prior to 8.5.5.12, or 9.0.0.0 prior to 9.0.0.4. It is, therefore, affected by a privilege escalation vulnerability in the OpenID Connect OIDC Trust Association Interceptor TAI that is...

8.1CVSS7.7AI score0.02237EPSS
Exploits0References2
cvelist
cvelist
added 2017/03/20 4:0 p.m.17 views

CVE-2017-1151

IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect OIDC configured with a Trust Association Interceptor TAI could allow a user to gain elevated privileges on the system. IBM Reference : 1999293...

8.1AI score0.02237EPSS
Exploits0References3
cve
cve
added 2017/03/20 4:0 p.m.99 views

CVE-2017-1151

CVE-2017-1151 is an IBM WebSphere Application Server privilege-escalation vulnerability. It occurs when OpenID Connect (OIDC) is configured with a Trust Association Interceptor (TAI); under this configuration a user could gain elevated privileges on the system. Affected products/versions in the c...

8.1CVSS7.9AI score0.02237EPSS
Exploits0References3Affected Software1
osv
osv
added 2017/03/02 6:59 a.m.3 views

DEBIAN-CVE-2017-6413

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka modauthopenidc module before 2.1.6 for the Apache HTTP Server does not skip OIDCCLAIM and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP...

8.6CVSS7.2AI score0.04253EPSS
Exploits0References1
cnvd
cnvd
added 2016/10/20 12:0 a.m.4 views

flask-oidc open redirect vulnerability

flask-oidc is a library for supporting OpenID connections to flask. An open redirection vulnerability exists in flask-oidc 0.1.2 and earlier versions, which can be exploited by an attacker to redirect a user to an arbitrary website and execute a phishing attack...

7.4CVSS7.1AI score0.00795EPSS
Exploits0References1
prion
prion
added 2016/10/07 6:59 p.m.13 views

Open redirect

flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect...

5.8CVSS7AI score0.00795EPSS
Exploits0References1Affected Software1
pypa
pypa
added 2016/10/07 6:59 p.m.8 views

PYSEC-2016-25

flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect...

7.4CVSS6.9AI score0.00795EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2016/10/07 6:59 p.m.13 views

CVE-2016-1000001

flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect...

7.4CVSS7.4AI score0.00795EPSS
Exploits0References1
osv
osv
added 2016/10/07 6:59 p.m.15 views

PYSEC-2016-25

flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect...

7.4CVSS3.8AI score0.00795EPSS
Exploits0References2
Rows per page
Query Builder