6 matches found
CVE-2020-13422
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/ administrative actions...
CVE-2020-13421
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions...
Design/Logic Flaw
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature...
CVE-2020-13420
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script...
Github OpenIAM Cross-Site Scripting Vulnerability
OpenIAM is a fully integrated identity and access management platform. A cross-site scripting vulnerability exists in the "Add New User" feature in OpenIAM versions prior to 4.2.0.3. No details of the vulnerability are available at this time...
PT-2021-9610 · Openiam · Openam
Name of the Vulnerable Software and Affected Versions: OpenIAM versions prior to 4.2.0.3
Description: The issue concerns a lack of permission verification for users attempting to perform administrative actions through the "/webconsole/rest/api/" endpoint. This means that users without proper...