41 matches found
Design/Logic Flaw
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/ administrative actions...
Code injection
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script...
Design/Logic Flaw
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions...
Directory traversal
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task...
Design/Logic Flaw
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature...
CVE-2020-13422
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/ administrative actions...
CVE-2020-13422
OpenIAM before 4.2.0.3 is vulnerable to privilege control issues where the system does not verify that a user has permission to perform administrative actions at the /webconsole/rest/api/* endpoint. This could allow unauthorized users to execute privileged actions. Affected versions are OpenIAM p...
CVE-2020-13421
OpenIAM before 4.2.0.3 is affected by an Incorrect Access Control vulnerability in the Create User, Modify User Permissions, and Password Reset actions. The CVE entry is supported by multiple sources (NVD entry CVE-2020-13421; CNVD/CNNVD references) confirming the affected product and version ran...
CVE-2020-13421
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions...
CVE-2020-13419
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task...
CVE-2020-13419
CVE-2020-13419 concerns OpenIAM before 4.2.0.3, where a directory traversal vulnerability exists in the Batch task. The available connected sources confirm the affected product is OpenIAM (identity and access management platform) and the root cause is a directory traversal issue in batch task pro...
CVE-2020-13418
CVE-2020-13418 affects OpenIAM prior to 4.2.0.3, where the vulnerability is a cross-site scripting (XSS) issue in the Add New User feature. Multiple connected sources (NVD/NVDC CNVD/CNNVD) confirm the impact as XSS in that feature and version range, but they do not provide exploit details, affect...
CVE-2020-13418
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature...
CVE-2020-13420
OpenIAM prior to 4.2.0.3 is affected by CVE-2020-13420, described as remote code execution via Groovy Script. The available sources consistently identify the affected software as OpenIAM and indicate remediation by upgrading to 4.2.0.3 or later. The initial documents do not provide explicit root-...
CVE-2020-13420
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script...
Github OpenIAM 路径遍历漏洞
OpenIAM is a fully integrated identity and access management platform. A directory traversal vulnerability exists in batch tasks in versions of OpenIAM prior to 4.2.0.3. No detailed vulnerability details are provided at this time...
PT-2021-9610 · Openiam · Openam
Name of the Vulnerable Software and Affected Versions: OpenIAM versions prior to 4.2.0.3 Description: The issue concerns a lack of permission verification for users attempting to perform administrative actions through the "/webconsole/rest/api/" endpoint. This means that users without proper...
OpenIAM 安全漏洞
OpenIAM is a fully integrated identity and access management platform. A privilege control impropriety vulnerability exists in OpenIAM versions prior to 4.2.0.3. The vulnerability stems from OpenIAM not verifying that a user has permission to perform /webconsole/rest/api/ administrative operation...
OpenIAM 安全漏洞
OpenIAM is a fully integrated identity and access management platform. A remote code execution vulnerability exists in OpenIAM versions prior to 4.2.0.3. An attacker can exploit this vulnerability to execute arbitrary code via Groovy Script...
OpenIAM 安全漏洞
OpenIAM is a fully integrated identity and access management platform. Vulnerabilities exist in OpenIAM versions prior to 4.2.0.3 due to access control errors in the "Create User", "Modify User Privileges" and "Password Reset" operations. No details of the vulnerabilities are available at this ti...