267 matches found
CVE-2022-36413
Zoho ManageEngine ADSelfService Plus (versions up to 6203) is affected by a brute-force vulnerability that can lead to password resets on IDM applications. The CVE-2022-36413 entry notes a high-severity issue (CVSS v3.1: 9.1, Network, Low attack complexity, No privileges, No user interaction) wit...
Malicious Package
Overview middleware-idm-response is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in middleware-idm-response (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e53def6a72c1048b136965e56c0ffa04def535accfed3f611c3c1f2e3b4d5bec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-593 Malicious code in middleware-idm-response (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e53def6a72c1048b136965e56c0ffa04def535accfed3f611c3c1f2e3b4d5bec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in django-idm-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7500205256afd3e70ea8edbcfa2b5acf17cc55d212296b698b47098c635ef9a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-262 Malicious code in django-idm-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7500205256afd3e70ea8edbcfa2b5acf17cc55d212296b698b47098c635ef9a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview django-idm-api is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
Malicious code in @blk/idm-okta-sdk-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c20622741e2de2fbe724a0f651ff5d95cf0ca356d60a6793f289802ca53fa02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-26329 File existence disclosue vulnerability in IDM plugin
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...
CVE-2022-26329 File existence disclosue vulnerability in IDM plugin
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...
client and idm:DL1 bug fix and enhancement update
An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, slapi-nis, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
SQL Injection
org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the deleteUser function in UserStore.java allows a malicious user to inject and execute arbitrary SQL queries on the target system, when the /auth/v1/users/ API interface ...
CVE-2022-45930
A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...
client and idm:DL1 bug fix and enhancement update
An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, slapi-nis, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
CVE-2022-42304
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code...
What Are Shadow IDs, and How Are They Crucial in 2022?
Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy. No mention of insider trading, naked shorting, or any malevolence. Just employees circumventing regulation using, well, Shado...
The vulnerability of the user interface of the VMware Workspace One Access application management platform, the administration consoles of VMware Identity Manager (vIDM), and the virtual infrastructure management tools of VMware vRealize Automation allows a perpetrator to escalate their privileges.
The vulnerability of the user interface of the VMware Workspace One Access application management platform, as well as the administration consoles of VMware Identity Manager vIDM, and the virtual infrastructure management tool VMware vRealize Automation, is related to the possibility of bypassing...
client and idm:DL1 bug fix and enhancement update
An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, slapi-nis, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
idm:client and idm:DL1 bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
ALEA-2022:1884 idm:client and idm:DL1 bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...