oneidentity vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-51772
One Identity Password Manager prior to 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape seque...
Oneidentity Password Manager
9.8
CVSSv3
CVE-2023-48654
One Identity Password Manager prior to 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape seque...
Oneidentity Password Manager
6.8
CVSSv3
CVE-2023-4003
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.
Oneidentity Password Manager
7.5
CVSSv3
CVE-2022-38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 up to and including 3.37 allows remote malicious users to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng S...
Oneidentity Syslog-ng Store Box
Oneidentity Syslog-ng
5.3
CVSSv3
CVE-2020-7962
An issue exists in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for a malicious user to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The...
Oneidentity Password Manager 5.8
7.8
CVSSv3
CVE-2020-8019
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Ente...
Oneidentity Syslog-ng
6.5
CVSSv3
CVE-2019-13497
One Identity Cloud Access Manager prior to 8.1.4 Hotfix 1 allows CSRF for logout requests.
Oneidentity Cloud Access Manager 8.1.4
Oneidentity Cloud Access Manager
1 Github repository
8.1
CVSSv3
CVE-2019-13496
One Identity Cloud Access Manager prior to 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.
Oneidentity Cloud Access Manager 8.1.4
Oneidentity Cloud Access Manager
1 Github repository
7.4
CVSSv3
CVE-2019-13498
One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.
Oneidentity Cloud Access Manager 8.1.3
2 Github repositories
NA
CVE-2011-1951
lib/logmatcher.c in Balabit syslog-ng prior to 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote malicious users to cause a denial of service (memory consumption) via a message that does not match a regular expression.
Oneidentity Syslog-ng