Description
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.
References
- Exploit, Third Party Advisory
- Release Notes, Vendor Advisory
- Exploit, Third Party Advisory
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 8.1.4 (exclusive)
One of
cpe:2.3:a:oneidentity:cloud_access_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:oneidentity:cloud_access_manager:8.1.4:-:*:*:*:*:*:*
EPSS: 0.00633 (Low), percentile: 70%
CVSS3: 8.1 High
CVSS2: 4.3 Medium
Weaknesses
CWE-354
Related vulnerabilities
CVSS3: 8.1
github
more than 3 years ago
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.