Vulnerability identifier: #VU22528
Vulnerability risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-300
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cloud Access Manager
Other software /
Other software solutions
Vendor: One Identity
Description
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Cloud Access Manager: 8.1.3
External links
http://github.com/FurqanKhan1/CVE-2019-13498
http://support.oneidentity.com/technical-documents/cloud-access-manager/8.1.4/release-notes#TOPIC-1028731
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.