VYPR

Enterprise Identity Cloud (EIC)

by Saviynt

CVEs (2)

  • CVE-2022-23855CriJan 24, 2022
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account.

  • CVE-2022-23856MedJan 24, 2022
    risk 0.35cvss 5.3epss 0.01

    An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI.