CVE-2019-13497
https://notcve.org/view.php?id=CVE-2019-13497
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests. • https://github.com/FurqanKhan1/CVE-2019-13497 https://support.oneidentity.com/cloud-access-manager/kb/311391/cloud-access-manager-8-1-4-hotfix-1 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-13496
https://notcve.org/view.php?id=CVE-2019-13496
One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response. • https://github.com/FurqanKhan1/CVE-2019-13496 https://support.oneidentity.com/cloud-access-manager/kb/311391/cloud-access-manager-8-1-4-hotfix-1 • CWE-354: Improper Validation of Integrity Check Value
CVE-2019-13498
https://notcve.org/view.php?id=CVE-2019-13498
One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. • https://github.com/FurqanKhan1/CVE-2019-13498 https://support.oneidentity.com/technical-documents/cloud-access-manager/8.1.4/release-notes#TOPIC-1028731 • CWE-319: Cleartext Transmission of Sensitive Information