Lucene search
K

41 matches found

Prion
Prion
added 2021/04/06 9:15 p.m.17 views

Design/Logic Flaw

OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/ administrative actions...

5.5CVSS8AI score0.00876EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/04/06 9:15 p.m.13 views

Code injection

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script...

7.5CVSS9.7AI score0.02031EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/04/06 9:15 p.m.17 views

Design/Logic Flaw

OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions...

7.5CVSS9.5AI score0.01133EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/04/06 9:15 p.m.15 views

Directory traversal

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task...

5CVSS5.3AI score0.01219EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/04/06 9:15 p.m.15 views

Design/Logic Flaw

OpenIAM before 4.2.0.3 allows XSS in the Add New User feature...

4.3CVSS6AI score0.00621EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/04/06 8:24 p.m.17 views

CVE-2020-13422

OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/ administrative actions...

8.1AI score0.00876EPSS
Exploits0References2
CVE
CVE
added 2021/04/06 8:24 p.m.58 views

CVE-2020-13422

OpenIAM before 4.2.0.3 is vulnerable to privilege control issues where the system does not verify that a user has permission to perform administrative actions at the /webconsole/rest/api/* endpoint. This could allow unauthorized users to execute privileged actions. Affected versions are OpenIAM p...

8.1CVSS8AI score0.00876EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/04/06 8:21 p.m.50 views

CVE-2020-13421

OpenIAM before 4.2.0.3 is affected by an Incorrect Access Control vulnerability in the Create User, Modify User Permissions, and Password Reset actions. The CVE entry is supported by multiple sources (NVD entry CVE-2020-13421; CNVD/CNNVD references) confirming the affected product and version ran...

9.8CVSS9.4AI score0.01133EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/06 8:21 p.m.25 views

CVE-2020-13421

OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions...

9.6AI score0.01133EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/04/06 8:17 p.m.19 views

CVE-2020-13419

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task...

5.3AI score0.01219EPSS
Exploits0References1
CVE
CVE
added 2021/04/06 8:17 p.m.43 views

CVE-2020-13419

CVE-2020-13419 concerns OpenIAM before 4.2.0.3, where a directory traversal vulnerability exists in the Batch task. The available connected sources confirm the affected product is OpenIAM (identity and access management platform) and the root cause is a directory traversal issue in batch task pro...

5.3CVSS5.3AI score0.01219EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/04/06 8:10 p.m.53 views

CVE-2020-13418

CVE-2020-13418 affects OpenIAM prior to 4.2.0.3, where the vulnerability is a cross-site scripting (XSS) issue in the Add New User feature. Multiple connected sources (NVD/NVDC CNVD/CNNVD) confirm the impact as XSS in that feature and version range, but they do not provide exploit details, affect...

6.1CVSS5.9AI score0.00621EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/04/06 8:10 p.m.11 views

CVE-2020-13418

OpenIAM before 4.2.0.3 allows XSS in the Add New User feature...

6AI score0.00621EPSS
Exploits0References1
CVE
CVE
added 2021/04/06 8:8 p.m.53 views

CVE-2020-13420

OpenIAM prior to 4.2.0.3 is affected by CVE-2020-13420, described as remote code execution via Groovy Script. The available sources consistently identify the affected software as OpenIAM and indicate remediation by upgrading to 4.2.0.3 or later. The initial documents do not provide explicit root-...

9.8CVSS9.7AI score0.02031EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/04/06 8:8 p.m.18 views

CVE-2020-13420

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script...

9.8AI score0.02031EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.5 views

Github OpenIAM 路径遍历漏洞

OpenIAM is a fully integrated identity and access management platform. A directory traversal vulnerability exists in batch tasks in versions of OpenIAM prior to 4.2.0.3. No detailed vulnerability details are provided at this time...

5.3CVSS5.5AI score0.01219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/04/06 12:0 a.m.4 views

PT-2021-9610 · Openiam · Openam

Name of the Vulnerable Software and Affected Versions: OpenIAM versions prior to 4.2.0.3 Description: The issue concerns a lack of permission verification for users attempting to perform administrative actions through the "/webconsole/rest/api/" endpoint. This means that users without proper...

8.1CVSS8.2AI score0.00876EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.4 views

OpenIAM 安全漏洞

OpenIAM is a fully integrated identity and access management platform. A privilege control impropriety vulnerability exists in OpenIAM versions prior to 4.2.0.3. The vulnerability stems from OpenIAM not verifying that a user has permission to perform /webconsole/rest/api/ administrative operation...

8.1CVSS5.5AI score0.00876EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.5 views

OpenIAM 安全漏洞

OpenIAM is a fully integrated identity and access management platform. A remote code execution vulnerability exists in OpenIAM versions prior to 4.2.0.3. An attacker can exploit this vulnerability to execute arbitrary code via Groovy Script...

9.8CVSS6.9AI score0.02031EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.4 views

OpenIAM 安全漏洞

OpenIAM is a fully integrated identity and access management platform. Vulnerabilities exist in OpenIAM versions prior to 4.2.0.3 due to access control errors in the "Create User", "Modify User Privileges" and "Password Reset" operations. No details of the vulnerabilities are available at this ti...

9.8CVSS5.5AI score0.01133EPSS
Exploits0References3
Rows per page
Query Builder