CVE-2019-13497

MEDIUM

One Identity Cloud Access Manager < 8.1.4 - Cross-Site Request Forgery via Logout Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-13497. PoCs published by FurqanKhan1.

AI-analyzed exploit summary: This repository provides a technical description of a CSRF vulnerability in OneIdentity Cloud Access Manager 8.1.3, including a high-level explanation of the exploit mechanism and screenshots of the attack flow. It lacks functional exploit code but offers sufficient technical context to understand the vulnerability.

Description

One Identity Cloud Access Manager before 8.1.4 Hotfix 1 allows CSRF for logout requests.

Exploits (1)

nomisec WRITEUP 2 stars
by FurqanKhan1 · poc
https://github.com/FurqanKhan1/CVE-2019-13497

Classification: Writeup 80%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: OneIdentity Cloud Access Manager 8.1.3
No auth needed
Prerequisites: Victim must have an active session · Attacker must trick victim into clicking a malicious link
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/FurqanKhan1/CVE-2019-13497

Scores

CVSS v3 6.5
EPSS 0.0073
EPSS Percentile 49.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE CWE-352
Status published
Products (2)
oneidentity/cloud_access_manager 8.1.4
oneidentity/cloud_access_manager < 8.1.4
Published Nov 04, 2019
Tracked Since Feb 18, 2026