Openiam: Security Vulnerabilities
OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script.
CVSS Score
9.8
EPSS Score
0.021
Published
2021-04-06
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-04-06
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions.
CVSS Score
8.1
EPSS Score
0.001
Published
2021-04-06
OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-04-06
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-04-06