Skip to main content

Cloud Access Manager

3 CVEs product

Monthly

CVE-2019-13497 MEDIUM POC This Month

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cloud Access Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-13496 HIGH POC This Week

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Cloud Access Manager
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2019-13498 HIGH POC This Week

One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Access Manager
NVD GitHub
CVSS 3.1
7.4
EPSS
1.2%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cloud Access Manager
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Cloud Access Manager
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC This Week

One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Access Manager
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy