Vulmon
oneidentity vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-48654
One Identity Password Manager prior to 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape seque...
Oneidentity Password Manager
8.8
CVSSv3
CVE-2023-51772
One Identity Password Manager prior to 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape seque...
Oneidentity Password Manager
6.8
CVSSv3
CVE-2023-4003
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges.
Oneidentity Password Manager
7.5
CVSSv3
CVE-2022-38725
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 up to and including 3.37 allows remote malicious users to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng S...
Oneidentity Syslog-ng Store Box
Oneidentity Syslog-ng
5.3
CVSSv3
CVE-2020-7962
An issue exists in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for a malicious user to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The...
Oneidentity Password Manager 5.8
7.8
CVSSv3
CVE-2020-8019
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Ente...
Oneidentity Syslog-ng
6.5
CVSSv3
CVE-2019-13497
One Identity Cloud Access Manager prior to 8.1.4 Hotfix 1 allows CSRF for logout requests.
Oneidentity Cloud Access Manager 8.1.4
Oneidentity Cloud Access Manager
1 Github repository
8.1
CVSSv3
CVE-2019-13496
One Identity Cloud Access Manager prior to 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.
Oneidentity Cloud Access Manager
Oneidentity Cloud Access Manager 8.1.4
1 Github repository
7.4
CVSSv3
CVE-2019-13498
One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.
Oneidentity Cloud Access Manager 8.1.3
2 Github repositories
NA
CVE-2011-1951
lib/logmatcher.c in Balabit syslog-ng prior to 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote malicious users to cause a denial of service (memory consumption) via a message that does not match a regular expression.
Oneidentity Syslog-ng