Vulnerabilidades em One Identity
6 resultadosCVE-2025-34063CRITICALOneLogin AD Connector JWT Authentication Bypass via Exposed Signing KeyEPSS 0.5%CVE-2025-34064CRITICALOneLogin AD Connector Log S3 Bucket Hijack Leading to Cross-Tenant Data LeakageEPSS 0.4%CVE-2025-59363HIGHIn One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should onlyEPSS 0.3%CVE-2025-52924MEDIUMIn One Identity OneLogin before 2025.2.0, the SQL connection "application name" is set based on the value of an untrusted X-RequestId HTTP rEPSS 0.2%CVE-2025-27582HIGHThe Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawEPSS 0.2%CVE-2025-34062MEDIUMOneLogin AD Connector API Credential and Signing Key ExposureEPSS 0.1%