Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13422 | 1 Openiam | 1 Openiam | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.
|
|||||
| CVE-2020-13421 | 1 Openiam | 1 Openiam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.
|
|||||
| CVE-2020-13420 | 1 Openiam | 1 Openiam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.
|
|||||
| CVE-2020-13419 | 1 Openiam | 1 Openiam | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.
|
|||||
| CVE-2020-13418 | 1 Openiam | 1 Openiam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.
|
|||||