VYPR

OpenIAM

by OpenIAM

CVEs (5)

  • CVE-2020-13421CriApr 6, 2021
    risk 0.64cvss 9.8epss 0.01

    OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.

  • CVE-2020-13420CriApr 6, 2021
    risk 0.64cvss 9.8epss 0.02

    OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.

  • CVE-2020-13422HigApr 6, 2021
    risk 0.53cvss 8.1epss 0.01

    OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.

  • CVE-2020-13418MedApr 6, 2021
    risk 0.40cvss 6.1epss 0.01

    OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.

  • CVE-2020-13419MedApr 6, 2021
    risk 0.35cvss 5.3epss 0.01

    OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.