VYPR
Vendor

OpenIAM

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2020-13421CriApr 6, 2021
    risk 0.64cvss 9.8epss 0.01

    OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.

  • CVE-2020-13420CriApr 6, 2021
    risk 0.64cvss 9.8epss 0.02

    OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.

  • CVE-2020-13422HigApr 6, 2021
    risk 0.53cvss 8.1epss 0.01

    OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.

  • CVE-2020-13418MedApr 6, 2021
    risk 0.40cvss 6.1epss 0.01

    OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.

  • CVE-2020-13419MedApr 6, 2021
    risk 0.35cvss 5.3epss 0.01

    OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.