3 matches found
CVE-2019-13496
CVE-2019-13496 affects One Identity Cloud Access Manager, specifically versions prior to 8.1.4 Hotfix 1. The issue enables an OTP bypass via a MITM/SSL-strip scenario involving the Defender component and manipulation of a failed SAML response, as demonstrated by public exploitation and discussion...
CVE-2019-13498
The CVE-2019-13498 issue affects One Identity Cloud Access Manager 8.1.3, where HTTP Strict Transport Security (HSTS) is not implemented. This absence can enable MITM-style attacks by downgrading protections, with the impact described as enabling/intercepting sensitive credential-related traffic....
CVE-2019-13497
CVE-2019-13497 affects One Identity Cloud Access Manager (CAM) prior to 8.1.4 Hotfix 1. The issue is a CSRF on logout requests caused by the web application not adequately validating that requests originate from a trusted user. Consequence is that an attacker could trigger unintended logout actio...