35 matches found
CVE-2022-23855
An issue was discovered in Saviynt Enterprise Identity Cloud EIC 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and log in as any local account...
CVE-2022-23856
An issue was discovered in Saviynt Enterprise Identity Cloud EIC 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI...
EUVD-2019-4958
Malware in sbrugna...
EUVD-2019-4957
Malware in sbrugna...
EUVD-2022-28782
Malicious code in bioql PyPI...
EUVD-2024-16758
Malicious code in bioql PyPI...
GHSA-7726-43HG-M23V OpenAM FreeMarker template injection
OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to...
CVE-2024-41667
OpenAM
CVE-2024-0981
Okta Browser Plugin versions 6.5.0 through 6.31.0 Chrome/Edge/Firefox/Safari are vulnerable to cross-site scripting. This issue occurs when the plugin prompts the user to save these credentials within Okta Personal. A fix was implemented to properly escape these fields, addressing the...
CVE-2024-0981
Okta Browser Plugin versions 6.5.0 through 6.31.0 Chrome/Edge/Firefox/Safari are vulnerable to cross-site scripting. This issue occurs when the plugin prompts the user to save these credentials within Okta Personal. A fix was implemented to properly escape these fields, addressing the...
CVE-2024-0981
CVE-2024-0981 affects Okta Browser Plugin versions 6.5.0–6.31.0 (Chrome/Edge/Firefox/Safari), which allow cross-site scripting when the plugin prompts to save credentials in Okta Personal. Root cause: improper escaping of fields in the credential-save prompt. Impact: potential XSS; remediation: u...
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta is warning that a cross-origin authentication feature in Customer Identity Cloud CIC is susceptible to credential stuffing attacks orchestrated by threat actors. "We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for...
CVE-2022-23855
An issue was discovered in Saviynt Enterprise Identity Cloud EIC 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and log in as any local account...
CVE-2022-23856
An issue was discovered in Saviynt Enterprise Identity Cloud EIC 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI...
CVE-2022-23855
Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x contains an authentication bypass in ECM/maintenance/forgotpasswordstep1 that allows an unauthenticated user to reset passwords and log in as any local account. Root cause: bypass in forgotpasswordstep1. Publicly available fix details are not prov...
CVE-2022-23856
An issue was discovered in Saviynt Enterprise Identity Cloud EIC 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI...
PT-2022-16294 · Saviynt · Saviynt Enterprise Identity Cloud
Name of the Vulnerable Software and Affected Versions: Saviynt Enterprise Identity Cloud EIC version 5.5 SP2.x Description: An issue was discovered that allows an attacker to enumerate users by changing the id parameter in the "ECM/maintenance/forgotpasswordstep1" API endpoint. Recommendations: F...
Saviynt Enterprise Identity Cloud Security Vulnerability
Saviynt Enterprise Identity Cloud (Saviynt EIC) is a cloud-architected, cloud-deployed identity governance and management platform from Saviynt. A security vulnerability exists in Saviynt Enterprise Identity Cloud, which stems from an issue discovered in Saviynt Enterprise Identity Cloud EIC 5.5...
Saviynt Enterprise Identity Cloud Authorization Issue Vulnerability
Saviynt Enterprise Identity Cloud (Saviynt EIC) is a cloud-architected, cloud-deployed identity governance and management platform from Saviynt. A security vulnerability exists in Saviynt Enterprise Identity Cloud EIC that stems from an issue discovered in Saviynt Enterprise Identity Cloud EIC 5.5...
PT-2022-16293 · Saviynt · Saviynt Enterprise Identity Cloud
Name of the Vulnerable Software and Affected Versions: Saviynt Enterprise Identity Cloud EIC version 5.5 SP2.x Description: An issue was discovered that allows an authentication bypass. Specifically, the endpoint /ECM/maintenance/forgotpasswordstep1 is vulnerable, enabling an unauthenticated user...