Security Advisories

Last modified 23 Mar 2021 17:18 +01:00
# Title Date Severity Description

1

MidPoint user interface clickjacking

21 Mar 2019

Medium

MidPoint user interface vulnerable to clickjacking due to missing X-Frame-Options header.

2

Abuse of expressions in midPoint reports

8 Apr 2019

Medium

MidPoint expressions embedded in midPoint reports can be used to gain unauthorized access to the system.

3

XXE Vulnerabilities

17 Apr 2019

Medium

The way how MidPoint handles XML documents is vulnerable to attacks based on XML External Entities (XXE)

4

AD and LDAP connectors do not check certificate validity

17 Apr 2019

High

LDAP and Active Directory connectors are not properly checking TLS/SSL certificate validity.

5

Workitem identifier weakness

18 Apr 2019

Medium

Any approver can display any workitem by guessing its short identifier.

6

Plain text password in temporary files

13 May 2019

Low

Plaintext password is sometimes left stored in temporary files on a file system.

7

Plain text password in task objects in repository

23 May 2019

Low

Plaintext passwords are sometimes stored in task objects in the repository (database).

8

XSS Vulnerability In displayName

14 Jun 2019

Low

Cross-site scripting (XSS) vulnerability exists in some parts of midPoint user interface, namely in organization displayName.

9

SOAP Web Service Vulnerable To Brute Force Attack

9 Jul 2019

Medium

SOAP-based web service interface of midPoint does not limit authentication attempts.

10

Authorizations not applied properly to preview changes

30 Jul 2019

Medium

Authorizations not applied properly to the results of "preview changes" functionality.

11

Stored XSS vulnerability via 'name' property

30 Aug 2019

Medium

Stored cross-site scripting (XSS) vulnerability exists in midPoint user interface that can be exploited by manipulation of object 'name' property.

12

User changes and user session updates

9 Sep 2019

Low

Sessions of users logged-in to midPoint user interface are unaffected by the change of user profiles - until users log in again.

13

HTTP error codes used for SecQ REST authentication reveal user existence

11 Oct 2019

Low

HTTP error codes used for REST authentication based on security questions (a.k.a. SecQ) reveal user existence.

14

Ghostcat Vulnerability of Apache Tomcat

2 Mar 2020

Informational

Apache JServ Protocol (AJP) of Apache Tomcat may be vulnerable to several types of attack.