Known Vulnerabilities for products from Oneidentity
Listed below are 9 of the newest known vulnerabilities associated with the vendor "Oneidentity".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-8019 | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP... | 7.8 - HIGH | 2020-06-29 | 2020-07-09 |
| CVE-2020-7962 | An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is pos... | 5.3 - MEDIUM | 2020-11-13 | 2021-07-21 |
| CVE-2019-13498 | One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle... | 7.4 - HIGH | 2019-07-29 | 2023-02-28 |
| CVE-2019-13497 | One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. | 6.5 - MEDIUM | 2019-11-04 | 2019-11-05 |
| CVE-2019-13496 | One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One ... | 8.1 - HIGH | 2019-11-04 | 2019-11-05 |
| CVE-2011-1951 | lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other v... | 4.3 - MEDIUM | 2011-07-11 | 2023-02-13 |
| CVE-2011-0343 | Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations,... | 6.9 - MEDIUM | 2011-01-28 | 2020-05-19 |
| CVE-2008-5110 | syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is on... | 9.3 - HIGH | 2008-11-17 | 2021-06-22 |
| CVE-2002-1200 | Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly tr... | 7.5 - HIGH | 2002-10-28 | 2020-05-19 |
Known software with vulnerabilities from Oneidentity
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Oneidentity | Cloud Access Manager | - |
| Application | Oneidentity | Password Manager | 5.8 |
| Application | Oneidentity | Syslog-ng | - |