Lucene search

K
VeridiumidVeridiumad

5 matches found

CVE
CVE
added 2024/04/03 4:15 p.m.72 views

CVE-2023-44039

In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim’s account and consequently take over the account.

9.1CVSS6.8AI score0.00407EPSS
CVE
CVE
added 2024/04/03 5:15 p.m.48 views

CVE-2023-44038

In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack.

6.5CVSS6.9AI score0.00192EPSS
CVE
CVE
added 2024/04/03 5:15 p.m.43 views

CVE-2023-45552

In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal.

6.5CVSS5.3AI score0.00289EPSS
CVE
CVE
added 2024/04/03 5:15 p.m.42 views

CVE-2023-44040

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate.

6.1CVSS5.9AI score0.01248EPSS
CVE
CVE
added 2022/01/28 1:15 p.m.41 views

CVE-2021-42791

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. ...

7.3CVSS7AI score0.00279EPSS