Lucene search
K

115 matches found

CNNVD
CNNVD
added 2024/08/29 12:0 a.m.4 views

One Identity Safeguard for Privileged Passwords 安全漏洞

One Identity Safeguard for Privileged Passwords is a platform from US-based One Identity, Inc. stores and manages sensitive credentials such as passwords, keys and other keys in a centralized, hardened vault. A security vulnerability exists in One Identity Safeguard for Privileged Passwords that...

9.8CVSS6.7AI score0.50603EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:44 p.m.5 views

Malicious code in 1-as_identity_function (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/04/09 5:30 a.m.17 views

Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity Cloud PAM Essentials

As cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management PAM solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM Solution Market is experiencing...

7.3AI score
Exploits0
OSV
OSV
added 2023/12/25 6:15 a.m.7 views

CVE-2023-48654

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the...

9.8CVSS5.8AI score0.01013EPSS
Exploits1References3
NVD
NVD
added 2023/12/25 6:15 a.m.10 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

8.8CVSS0.00515EPSS
Exploits0References2
Prion
Prion
added 2023/12/25 6:15 a.m.16 views

Design/Logic Flaw

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

6.5CVSS7.1AI score0.00515EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/12/25 12:0 a.m.5 views

One Identity Password Manager Security Vulnerability

One Identity Password Manager is a web platform for providing authentication from One Identity, Inc. in the United States. A security vulnerability exists in One Identity Password Manager versions prior to 5.13.1. An attacker could use this vulnerability to reset the Active Directory password of ...

8.8CVSS6.9AI score0.00515EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/12/25 12:0 a.m.17 views

CVE-2023-48654

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: go to the...

9.5AI score0.01013EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/12/25 12:0 a.m.12 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

6.8AI score0.00515EPSS
Exploits0References2
CVE
CVE
added 2023/12/25 12:0 a.m.52 views

CVE-2023-51772

CVE-2023-51772 affects One Identity Password Manager before 5.13.1. The vulnerability arises from the login screen’s Kiosk mode workflow, which launches a Chromium-based browser to reset Active Directory passwords. The root cause enables an attacker to escape the kiosk sandbox by navigating throu...

8.8CVSS8.5AI score0.00515EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/12/25 12:0 a.m.61 views

CVE-2023-48654

One Identity Password Manager before 5.13.1 is affected by a Kiosk Escape privilege escalation. The vulnerability allows an attacker to break out of the kiosk-embedded Chromium browser on the Windows login screen and launch cmd.exe as NT AUTHORITY\SYSTEM, enabling high-privilege access. The escap...

9.8CVSS9.2AI score0.01013EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/12/25 12:0 a.m.19 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

8.8AI score0.00515EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/24 12:0 a.m.7 views

PT-2023-31890 · One Identity +2 · One Identity Password Manager +2

Name of the Vulnerable Software and Affected Versions: One Identity Password Manager versions prior to 5.13.1 Description: The issue allows Kiosk Escape, affecting the product's functionality to reset Active Directory passwords on the login screen of a Windows client. It launches a Chromium-based...

8.8CVSS7.3AI score0.00515EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2023/12/13 12:0 a.m.399 views

One Identity Password Manager Kiosk Escape Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: 5.13.1 fixed version: 5.13.1 CVE number:...

7.4AI score0.01013EPSS
Exploits1
OSV
OSV
added 2023/09/27 3:19 p.m.5 views

CVE-2023-4003

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...

6.8CVSS5.8AI score0.00473EPSS
Exploits0References1
Prion
Prion
added 2023/09/27 3:19 p.m.22 views

Default credentials

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...

4.6CVSS6.6AI score0.00473EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/27 12:11 p.m.9 views

CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...

7.6CVSS6.9AI score0.00473EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/27 12:11 p.m.18 views

CVE-2023-4003 One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges...

7.6CVSS7.7AI score0.00473EPSS
Exploits0References1
CVE
CVE
added 2023/09/27 12:11 p.m.58 views

CVE-2023-4003

CVE-2023-4003 affects One Identity Password Manager version 5.9.7.1. An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method (described as a privilege escalation due to execution with unnecessary privileges). The vulnerabili...

7.6CVSS6.8AI score0.00473EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/27 12:0 a.m.7 views

PT-2023-27224 · One Identity · One Identity Password Manager

Name of the Vulnerable Software and Affected Versions: One Identity Password Manager version 5.9.7.1 Description: An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. This issue is related to execution with unnecessary...

7.6CVSS6.3AI score0.00473EPSS
Exploits0References3
Rows per page
Query Builder