CVSS: 6.1 | AI Score: 5.9 | EPSS: 0.001
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.006
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.003
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.
CVSS: 8.1 | AI Score: 8 | EPSS: 0.001