6 matches found
CVE-2022-23855
An issue was discovered in Saviynt Enterprise Identity Cloud EIC 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account...
CVE-2022-23855
An issue was discovered in Saviynt Enterprise Identity Cloud EIC 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account...
CVE-2022-23855
Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x contains an authentication bypass in ECM/maintenance/forgotpasswordstep1 that allows an unauthenticated user to reset passwords and log in as any local account. Root cause: bypass in forgotpasswordstep1. Publicly available fix details are not prov...
CVE-2022-23856
An issue was discovered in Saviynt Enterprise Identity Cloud EIC 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI...
PT-2022-16294 · Saviynt · Saviynt Enterprise Identity Cloud
Name of the Vulnerable Software and Affected Versions: Saviynt Enterprise Identity Cloud EIC version 5.5 SP2.x Description: An issue was discovered that allows an attacker to enumerate users by changing the id parameter in the "ECM/maintenance/forgotpasswordstep1" API endpoint. Recommendations: F...
PT-2022-16293 · Saviynt · Saviynt Enterprise Identity Cloud
Name of the Vulnerable Software and Affected Versions: Saviynt Enterprise Identity Cloud EIC version 5.5 SP2.x Description: An issue was discovered that allows an authentication bypass. Specifically, the endpoint /ECM/maintenance/forgotpasswordstep1 is vulnerable, enabling an unauthenticated user...