Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2023/12/15 12:30 p.m.4 views

org.wso2.identity.apps:org.wso2.identity.apps.authentication.portal.server.feature (>=0.1.125 <=1.6.179) potentially affected by CVE-2023-6837 via org.wso2.identity.apps:authentication-portal (>=0.1.125 <=1.6.179)

org.wso2.identity.apps:authentication-portal MAVEN version =0.1.125, =0.1.125, =1.6.179 Source cves: CVE-2023-6837 Source advisory: OSV:GHSA-F6JM-9PR8-9C3W...

8.5CVSS7.2AI score0.0046EPSS
Exploits0
OSV
OSV
added 2023/12/15 10:15 a.m.14 views

CVE-2023-6837

Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with...

8.2CVSS7.3AI score0.0046EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/15 9:41 a.m.20 views

CVE-2023-6837 Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation

Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: An IDP configured for federated authentication and JIT provisioning enabled with...

8.5CVSS8.8AI score0.0046EPSS
Exploits0References1
CVE
CVE
added 2023/12/15 9:41 a.m.82 views

CVE-2023-6837

CVE-2023-6837 concerns multiple WSO2 products where, under specific federated authentication and JIT provisioning configurations, an attacker could impersonate another user. The vulnerable setup requires: (1) an IDP configured for federated authentication with JIT provisioning enabled and the pro...

8.5CVSS8.4AI score0.0046EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder