Vulnerabilities > Oneidentity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-48654 | Unspecified vulnerability in Oneidentity Password Manager One Identity Password Manager before 5.13.1 allows Kiosk Escape. | 9.8 |
| 2023-12-25 | CVE-2023-51772 | Insufficient Session Expiration vulnerability in Oneidentity Password Manager One Identity Password Manager before 5.13.1 allows Kiosk Escape. | 8.8 |
| 2023-09-27 | CVE-2023-4003 | Execution with Unnecessary Privileges vulnerability in Oneidentity Password Manager 5.10.1/5.12.0/5.9.7.1 One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. | 6.8 |
| 2023-01-23 | CVE-2022-38725 | Integer Overflow or Wraparound vulnerability in Oneidentity Syslog-Ng and Syslog-Ng Store BOX An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. | 7.5 |
| 2020-11-13 | CVE-2020-7962 | Information Exposure vulnerability in Oneidentity Password Manager 5.8 An issue was discovered in One Identity Password Manager 5.8. | 5.0 |
| 2020-06-29 | CVE-2020-8019 | UNIX Symbolic Link (Symlink) Following vulnerability in Oneidentity Syslog-Ng A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. | 7.2 |
| 2019-11-04 | CVE-2019-13497 | Cross-Site Request Forgery (CSRF) vulnerability in Oneidentity Cloud Access Manager One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. | 4.3 |
| 2019-11-04 | CVE-2019-13496 | Improper Validation of Integrity Check Value vulnerability in Oneidentity Cloud Access Manager One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. | 4.3 |
| 2019-07-29 | CVE-2019-13498 | Cleartext Transmission of Sensitive Information vulnerability in Oneidentity Cloud Access Manager 8.1.3 One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. | 7.4 |
| 2011-01-28 | CVE-2011-0343 | Permissions, Privileges, and Access Controls vulnerability in Oneidentity Syslog-Ng Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files. | 6.9 |