Vulnerabilities > Oneidentity

DATE CVE VULNERABILITY TITLE RISK
2023-12-25 CVE-2023-48654 Unspecified vulnerability in Oneidentity Password Manager
One Identity Password Manager before 5.13.1 allows Kiosk Escape.
Risk: network, low complexity, oneidentity, critical, 9.8

2023-12-25 CVE-2023-51772 Insufficient Session Expiration vulnerability in Oneidentity Password Manager
One Identity Password Manager before 5.13.1 allows Kiosk Escape.
Risk: network, low complexity, oneidentity CWE-613, 8.8

2023-09-27 CVE-2023-4003 Execution with Unnecessary Privileges vulnerability in Oneidentity Password Manager 5.10.1/5.12.0/5.9.7.1
One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method.
Risk: low complexity, oneidentity CWE-250, 6.8

2023-01-23 CVE-2022-38725 Integer Overflow or Wraparound vulnerability in Oneidentity Syslog-Ng and Syslog-Ng Store BOX
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function.
Risk: network, low complexity, oneidentity CWE-190, 7.5

2020-11-13 CVE-2020-7962 Information Exposure vulnerability in Oneidentity Password Manager 5.8
An issue was discovered in One Identity Password Manager 5.8.
Risk: network, low complexity, oneidentity CWE-200, 5.0

2020-06-29 CVE-2020-8019 UNIX Symbolic Link (Symlink) Following vulnerability in Oneidentity Syslog-Ng
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root.
Risk: local, low complexity, oneidentity CWE-61, 7.2

2019-11-04 CVE-2019-13497 Cross-Site Request Forgery (CSRF) vulnerability in Oneidentity Cloud Access Manager
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests.
Risk: 4.3

2019-11-04 CVE-2019-13496 Improper Validation of Integrity Check Value vulnerability in Oneidentity Cloud Access Manager
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.
Risk: 4.3

2019-07-29 CVE-2019-13498 Cleartext Transmission of Sensitive Information vulnerability in Oneidentity Cloud Access Manager 8.1.3
One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks.
Risk: network, high complexity, oneidentity CWE-319, 7.4

2011-01-28 CVE-2011-0343 Permissions, Privileges, and Access Controls vulnerability in Oneidentity Syslog-Ng
Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.
Risk: 6.9