Veridiumad@* Security Vulnerabilities and Issues — Veridiumad@* CVE List

Lucene search

VeridiumidVeridiumad*

4 matches found

CVE•added 2024/04/03 4:15 p.m.•71 views

CVE-2023-44039

In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim’s account and consequently take over the account.

9.1CVSS6.8AI score0.003EPSS

CVE•added 2024/04/03 5:15 p.m.•47 views

CVE-2023-44038

In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack.

6.5CVSS6.9AI score0.00192EPSS

CVE•added 2024/04/03 5:15 p.m.•42 views

CVE-2023-45552

In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal.

6.5CVSS5.3AI score0.00289EPSS

CVE•added 2024/04/03 5:15 p.m.•41 views

CVE-2023-44040

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate.

6.1CVSS5.9AI score0.01248EPSS