Oneidentity: >> Cloud Access Manager Security Vulnerabilities
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests.
CVSS Score
6.5
EPSS Score
0.012
Published
2019-11-04
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.
CVSS Score
8.1
EPSS Score
0.006
Published
2019-11-04
One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.
CVSS Score
7.4
EPSS Score
0.015
Published
2019-07-29