OneLogin
by One Identity
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59363 | | High | 0.50 | 7.7 | 0.00 | | Sep 14, 2025 | In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created), |
| CVE-2025-52924 | | Med | 0.26 | 4.0 | 0.00 | | Jul 19, 2025 | In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header. |