RSS   Podatności dla 'Openiam'   RSS

2021-04-06
 
CVE-2020-13422

CWE-862
 

 
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.

 
 
CVE-2020-13421

CWE-732
 

 
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.

 
 
CVE-2020-13420

NVD-CWE-noinfo
 

 
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.

 
 
CVE-2020-13419

CWE-22
 

 
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.

 
 
CVE-2020-13418

CWE-79
 

 
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.

 


Copyright 2024, cxsecurity.com

 

Back to Top