Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openid openid connect vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-50771
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing malicious users to perform phishing attacks.
Jenkins Openid
6.7
CVSSv3
CVE-2023-50770
Jenkins OpenId Connect Authentication Plugin 2.6 and previous versions stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the Jenkins controller file system to recover the plain text password of tha...
Jenkins Openid
9.8
CVSSv3
CVE-2019-4155
IBM API Connect's Developer Portal 2018.1 and 2018.4.1.3 is impacted by a privilege escalation vulnerability when integrated with an OpenID Connect (OIDC) user registry. IBM X-Force ID: 158544.
Ibm Api Connect
9.1
CVSSv3
CVE-2021-27582
org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect up to and including 1.3.3 contains a Mass Assignment (aka Autobinding) vulnerability. This arises due to unsafe usage of the @ModelAttribute annotation during the...
Mitreid Connect
1 Github repository
6.1
CVSSv3
CVE-2020-5497
The OpenID Connect reference implementation for MITREid Connect up to and including 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.
Mitreid Connect
9.1
CVSSv3
CVE-2021-26715
The OpenID Connect server implementation for MITREid Connect up to and including 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticate...
Mitreid Connect
1 Github repository
9.8
CVSSv3
CVE-2019-12419
Apache CXF prior to 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the suppli...
Apache Cxf
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Retail Order Broker 15.0
Oracle Enterprise Manager Base Platform 13.2.1.0
Oracle Commerce Guided Search 11.3.2
6.1
CVSSv3
CVE-2021-32792
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when us...
Openidc Mod Auth Openidc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
9.8
CVSSv3
CVE-2023-50708
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular...
Yiiframework Yii2-authclient
NA
CVE-2014-6164
IBM WebSphere Application Server 8.0.x prior to 8.0.0.10 and 8.5.x prior to 8.5.5.4 allows remote malicious users to spoof OpenID and OpenID Connect cookies, and consequently obtain sensitive information, via a crafted URL.
Ibm Websphere Application Server 8.5.0.2
Ibm Websphere Application Server 8.0.0.5
Ibm Websphere Application Server 8.5.5.1
Ibm Websphere Application Server 8.0.0.7
Ibm Websphere Application Server 8.5.5.0
Ibm Websphere Application Server 8.0.0.1
Ibm Websphere Application Server 8.0.0.4
Ibm Websphere Application Server 8.0.0.8
Ibm Websphere Application Server 8.0.0.2
Ibm Websphere Application Server 8.5.0.1
Ibm Websphere Application Server 8.5.0.0
Ibm Websphere Application Server 8.0.0.0
Ibm Websphere Application Server 8.0.0.9
Ibm Websphere Application Server 8.5.5.3
Ibm Websphere Application Server 8.0.0.3
Ibm Websphere Application Server 8.5.5.2
Ibm Websphere Application Server 8.0.0.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30065
CVE-2024-5843
CVE-2024-30080
code execution
CVE-2024-4577
CVE-2024-26169
wireless
remote code execution
CVE-2024-36103
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »