Oneidentity

Cloud Access Manager

3 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2019-13497

Exploit
  • EPSS 1.24%
  • Published 04.11.2019 18:15:12
  • Last modified 21.11.2024 04:25:00

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests.

8.1

CVE-2019-13496

Exploit
  • EPSS 0.63%
  • Published 04.11.2019 17:15:11
  • Last modified 21.11.2024 04:25:00

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.

7.4

CVE-2019-13498

Exploit
  • EPSS 1.49%
  • Published 29.07.2019 17:15:11
  • Last modified 21.11.2024 04:25:01

One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.