Veridiumid

Veridiumad

5 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.16%
  • Published 03.04.2024 17:15:47
  • Last modified 16.04.2025 15:03:33

In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack.

  • EPSS 0.81%
  • Published 03.04.2024 17:15:47
  • Last modified 24.04.2025 14:53:42

In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authentica...

  • EPSS 0.29%
  • Published 03.04.2024 17:15:47
  • Last modified 16.04.2025 19:04:42

In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal.

  • EPSS 0.41%
  • Published 03.04.2024 16:15:07
  • Last modified 16.04.2025 15:20:29

In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim’s account and consequently take over...

  • EPSS 0.28%
  • Published 28.01.2022 13:15:08
  • Last modified 21.11.2024 06:28:10

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text containe...