Vulnerabilities > Openiam
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-06 | CVE-2020-13422 | Missing Authorization vulnerability in Openiam OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. | 8.1 |
2021-04-06 | CVE-2020-13421 | Unspecified vulnerability in Openiam OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions. | 7.5 |
2021-04-06 | CVE-2020-13420 | Unspecified vulnerability in Openiam OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. | 7.5 |
2021-04-06 | CVE-2020-13419 | Path Traversal vulnerability in Openiam OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. | 5.0 |
2021-04-06 | CVE-2020-13418 | Cross-site Scripting vulnerability in Openiam OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. | 4.3 |