Main Vulnerability Database SB2019072920

SB2019072920 - Man-in-the-Middle (MitM) attack in One Identity Cloud Access Manager

Published: July 29, 2019 Updated: November 5, 2019

Security Bulletin ID SB2019072920

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2019-13498)

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to the affected software does not use HTTP Strict Transport Security (HSTS). A remote attacker can perform perform a man-in-the-middle attack, steal credentials and manipulate content.

Remediation

Install update from vendor's website.

References

https://github.com/FurqanKhan1/CVE-2019-13498
https://support.oneidentity.com/technical-documents/cloud-access-manager/8.1.4/release-notes#TOPIC-1028731