14 matches found
CVE-2026-31957
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
CVE-2026-31957
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
CVE-2026-31957
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
EUVD-2026-11321
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
CVE-2026-31957
Himmelblau (interoperability suite for Microsoft Azure Entra ID and Intune) from versions 3.0.0 up to before 3.1.0 is vulnerable when deployed without a configured tenant domain in himmelblau.conf. In this state, authentication is not tenant-scoped, allowing the system to accept authentication at...
CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for...
PT-2026-24804
🚨 CVE-2026-31957 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication...
Himmelblau 安全漏洞
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions prior to Himmelblau 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that authentication was not limited by tenant domains, allowing for attempts at...
CVE-2023-31664
A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...
CVE-2023-43041
IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808...
WSO2 API Manager 跨站脚本漏洞
WSO2 API Manager is an API lifecycle management solution from WSO2, Inc. A security vulnerability exists in WSO2 API Manager versions prior to 4.2.0, which stems from a security issue in authenticationendpoint/login.do, that could allow an attacker to inject a crafted payload via the tenantDomain...
PT-2023-23408 · Wso2 · Wso2 Api Manager
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions prior to 4.2.0 Description: A reflected cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter in the...
SUSE CVE-2013-0282
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...