Vulnerabilities > Openiam

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-06 | CVE-2020-13422 | Missing Authorization vulnerability in Openiam. OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform `/webconsole/rest/api/*` administrative actions. | network, low complexity, openiam CWE-862, 8.1 |
| 2021-04-06 | CVE-2020-13421 | Unspecified vulnerability in Openiam. OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions. | network, low complexity, openiam, critical, 9.8 |
| 2021-04-06 | CVE-2020-13420 | Unspecified vulnerability in Openiam. OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. | network, low complexity, openiam, critical, 9.8 |
| 2021-04-06 | CVE-2020-13419 | Path Traversal vulnerability in Openiam. OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. | network, low complexity, openiam CWE-22, 5.3 |
| 2021-04-06 | CVE-2020-13418 | Cross-site Scripting vulnerability in Openiam. OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. | network, low complexity, openiam CWE-79, 6.1 |