Vendor
One Identity
Products
2
CVEs
3
Across products
3
Status
Private
Products
2- 2 CVEs
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59363 | Hig | 0.50 | 7.7 | 0.00 | Sep 14, 2025 | In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created), | ||
| CVE-2025-52925 | Med | 0.33 | 5.0 | 0.00 | Jul 2, 2025 | In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812. | ||
| CVE-2025-52924 | Med | 0.26 | 4.0 | 0.00 | Jul 19, 2025 | In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header. |
- risk 0.50cvss 7.7epss 0.00
In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),
- risk 0.33cvss 5.0epss 0.00
In One Identity OneLogin Active Directory Connector before 6.1.5, encryption of the DirectoryToken was mishandled, aka ST-812.
- risk 0.26cvss 4.0epss 0.00
In One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP request header.