OpenIAM Security Vulnerabilities


CVE-2020-13418

OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.

CVSS: 6.1
AI Score: 5.9
EPSS: 0.001

2021-04-06 09:15 PM

CVE-2020-13419

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.

CVSS: 5.3
AI Score: 5.3
EPSS: 0.001

2021-04-06 09:15 PM

CVE-2020-13420

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.

CVSS: 9.8
AI Score: 9.7
EPSS: 0.006

2021-04-06 09:15 PM

CVE-2020-13421

OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.

CVSS: 9.8
AI Score: 9.4
EPSS: 0.003

2021-04-06 09:15 PM

CVE-2020-13422

OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.

CVSS: 8.1
AI Score: 8
EPSS: 0.001

2021-04-06 09:15 PM