Search criteria
3 vulnerabilities found for secureauth_identity_provider by secureauth
FKIE_CVE-2020-9437
Vulnerability from fkie_nvd - Published: 2020-06-25 20:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases | Vendor Advisory | |
| cve@mitre.org | https://know.bishopfox.com/advisories | Third Party Advisory | |
| cve@mitre.org | https://labs.bishopfox.com/advisories/secureauth-version-9.3 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://know.bishopfox.com/advisories | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://labs.bishopfox.com/advisories/secureauth-version-9.3 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| secureauth | secureauth_identity_provider | 9.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:secureauth:secureauth_identity_provider:9.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "2EAF1CC8-3AA1-479C-B95D-78939548CD17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS."
},
{
"lang": "es",
"value": "El archivo SecureAuth.aspx en SecureAuth IdP versi\u00f3n 9.3.0, sufre de una inyecci\u00f3n de plantilla del lado del cliente que permite una ejecuci\u00f3n de script, de la misma manera como un ataque de tipo XSS"
}
],
"id": "CVE-2020-9437",
"lastModified": "2024-11-21T05:40:38.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-25T20:15:11.443",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://labs.bishopfox.com/advisories/secureauth-version-9.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://labs.bishopfox.com/advisories/secureauth-version-9.3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-9437 (GCVE-0-2020-9437)
Vulnerability from cvelistv5 – Published: 2020-06-25 19:35 – Updated: 2024-08-04 10:26
VLAI?
Summary
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/secureauth-version-9.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T19:35:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/secureauth-version-9.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases",
"refsource": "MISC",
"url": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases"
},
{
"name": "https://labs.bishopfox.com/advisories/secureauth-version-9.3",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/secureauth-version-9.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9437",
"datePublished": "2020-06-25T19:35:18",
"dateReserved": "2020-02-27T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9437 (GCVE-0-2020-9437)
Vulnerability from nvd – Published: 2020-06-25 19:35 – Updated: 2024-08-04 10:26
VLAI?
Summary
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/secureauth-version-9.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T19:35:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://know.bishopfox.com/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/secureauth-version-9.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"url": "https://know.bishopfox.com/advisories"
},
{
"name": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases",
"refsource": "MISC",
"url": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases"
},
{
"name": "https://labs.bishopfox.com/advisories/secureauth-version-9.3",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/secureauth-version-9.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9437",
"datePublished": "2020-06-25T19:35:18",
"dateReserved": "2020-02-27T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}