2 matches found
CVE-2019-13496
CVE-2019-13496 affects One Identity Cloud Access Manager, specifically versions prior to 8.1.4 Hotfix 1. The issue enables an OTP bypass via a MITM/SSL-strip scenario involving the Defender component and manipulation of a failed SAML response, as demonstrated by public exploitation and discussion...
CVE-2019-13497
CVE-2019-13497 affects One Identity Cloud Access Manager (CAM) prior to 8.1.4 Hotfix 1. The issue is a CSRF on logout requests caused by the web application not adequately validating that requests originate from a trusted user. Consequence is that an attacker could trigger unintended logout actio...