EUVD-2014-7237

Malware in sbrugna...

org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-4992 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-4992 Source advisory: OSV:GHSA-JCMH-X32V-7MGF...

Inflection: Malicious callback url can be set while creating application in identity

Researcher found that while creating any application in identity, you are required to provide callback url. If you provide a malicious callback url then javascript will stop you from submitting form. But their is no server side validation and we can use an application proxy to bypass the javascri...

CVE-2014-7366

The Identity aka com.magzter.identity application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...