Multiple vulnerabilities in One Identity Cloud Access Manager



Published: 2019-11-06
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-13497
CVE-2019-13496
CWE-ID CWE-352
CWE-354
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe
Cloud Access Manager
Other software / Other software solutions

Vendor One Identity

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Cross-site request forgery

EUVDB-ID: #VU22527

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13497

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in logout requests. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cloud Access Manager: 8.1 - 8.1.4


CPE2.3 External links

http://github.com/FurqanKhan1/CVE-2019-13497
http://support.oneidentity.com/cloud-access-manager/kb/311391/cloud-access-manager-8-1-4-hotfix-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper validation of integrity check value

EUVDB-ID: #VU22542

Risk: High

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13496

CWE-ID: CWE-354 - Improper Validation of Integrity Check Value

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the affected software does not validate or incorrectly validates the integrity check values. A remote attacker can perform a man-in-the-middle (MitM) attack, bypass OTP, replace a failed SAML response with a successful SAML response and gain access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cloud Access Manager: 8.1 - 8.1.4


CPE2.3 External links

http://github.com/FurqanKhan1/CVE-2019-13496
http://support.oneidentity.com/cloud-access-manager/kb/311391/cloud-access-manager-8-1-4-hotfix-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###