CVE-2019-13496

HIGH

One Identity Cloud Access Manager <8.1.4 - Auth Bypass

Title source: llm

Description

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows OTP bypass via vectors involving a man in the middle, the One Identity Defender product, and replacing a failed SAML response with a successful SAML response.

Exploits (1)

nomisec WRITEUP 2 stars

by FurqanKhan1 · poc

https://github.com/FurqanKhan1/CVE-2019-13496

View Code ZIP pw:eip

References (2)

[Release Notes, Vendor Advisory] https://support.oneidentity.com/cloud-access-manager/kb/311391/cloud-access-manager-8-1-4-hotfix-1

[Exploit, Third Party Advisory] https://github.com/FurqanKhan1/CVE-2019-13496

Scores

CVSS v3 8.1

EPSS 0.0063

EPSS Percentile 70.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-354

Status published

Products (2)

oneidentity/cloud_access_manager 8.1.4

oneidentity/cloud_access_manager < 8.1.4

Published Nov 04, 2019

Tracked Since Feb 18, 2026