Security Advisories

Last modified 27 Feb 2024 18:19 +01:00
| # | Title | Date | Severity | Description |
|---|-------|------|----------|-------------|
| 1 | MidPoint user interface clickjacking | 21 Mar 2019 | Medium | The midPoint user interface is vulnerable to clickjacking due to a missing X-Frame-Options header. |
| 2 | Abuse of expressions in midPoint reports | 8 Apr 2019 | Medium | MidPoint expressions embedded in midPoint reports can be used to gain unauthorized access to the system. |
| 3 | XXE Vulnerabilities | 17 Apr 2019 | Medium | The way midPoint handles XML documents is vulnerable to attacks based on XML External Entities (XXE). |
| 4 | AD and LDAP connectors do not check certificate validity | 17 Apr 2019 | High | The LDAP and Active Directory connectors do not properly check TLS/SSL certificate validity. |
| 5 | Workitem identifier weakness | 18 Apr 2019 | Medium | Any approver can display any work item by guessing its short identifier. |
| 6 | Plain text password in temporary files | 13 May 2019 | Low | A plaintext password is sometimes left stored in temporary files on the file system. |
| 7 | Plain text password in task objects in repository | 23 May 2019 | Low | Plaintext passwords are sometimes stored in task objects in the repository (database). |
| 8 | XSS Vulnerability In displayName | 14 Jun 2019 | Low | A cross-site scripting (XSS) vulnerability exists in some parts of the midPoint user interface, namely in the organization displayName. |
| 9 | SOAP Web Service Vulnerable To Brute Force Attack | 9 Jul 2019 | Medium | The SOAP-based web service interface of midPoint does not limit authentication attempts. |
| 10 | Authorizations not applied properly to preview changes | 30 Jul 2019 | Medium | Authorizations are not applied properly to the results of the "preview changes" functionality. |
| 11 | Stored XSS vulnerability via 'name' property | 30 Aug 2019 | Medium | A stored cross-site scripting (XSS) vulnerability in the midPoint user interface can be exploited by manipulating an object's 'name' property. |
| 12 | User changes and user session updates | 9 Sep 2019 | Low | Sessions of users logged in to the midPoint user interface are unaffected by changes to their user profiles until they log in again. |
| 13 | HTTP error codes used for SecQ REST authentication reveal user existence | 11 Oct 2019 | Low | HTTP error codes used for REST authentication based on security questions (a.k.a. SecQ) reveal whether a user exists. |
| 14 | Ghostcat Vulnerability of Apache Tomcat | 2 Mar 2020 | Informational | The Apache JServ Protocol (AJP) connector of Apache Tomcat may be vulnerable to several types of attack. |
| 15 | Disabled Users able to log-in when LDAP authentication is enabled | 5 June 2023 | Medium | MidPoint allows disabled users to log in if LDAP authentication is used. |
| 16 | Unauthorized user is able to reset password if focusIdentification is enabled | 5 June 2023 | High | MidPoint 4.7 may be vulnerable to a password reset attack if the new password reset focusIdentification is configured. |
| 17 | Self Registration feature allows to change password of other users | 5 June 2023 | High | MidPoint may be vulnerable to a password change attack if self registration or post-registration is configured. |
| 18 | Less privileged user able to execute custom Groovy scripts via Bulk Tasks | 20 September 2023 | High | Non-administrator users authorized to execute bulk actions can execute Groovy scripts if they are able to enter raw XML for bulk actions. |
| 19 | Stored XSS Vulnerability In fullName and displayName | 20 September 2023 | High | A stored cross-site scripting (XSS) vulnerability in the midPoint user interface can be exploited by manipulating an object's 'fullName' or 'displayName' property. |
| 20 | CSRF protection was not working if user logged in using SAML2 or OIDC | 20 September 2023 | High | MidPoint may be vulnerable to CSRF attacks if the user was authenticated using SAML 2 or OIDC. |
| 21 | Not Invited User able to register if Invitation flow is configured | 29 January 2024 | High | MidPoint 4.8 may be vulnerable to unauthorized registration if the invitation flow is enabled with a custom registration form. |
| 22 | Some users can execute script code beyond their authorizations | 27 February 2024 | High | Users who are authorized to submit raw XML/JSON/YAML object data to midPoint may execute arbitrary scripts. |
| 23 | Some users can execute selected operations beyond their authorizations | 27 February 2024 | High | Authorized REST users can inject false resource data into midPoint and invoke import from resources without any further authorizations. |
| 24 | Hidden panels on detail page are accessible by URL | 27 February 2024 | Medium | Hidden panels on the details page are accessible by URL manipulation. |
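Advisory 1 above concerns a missing X-Frame-Options header. The following is an added example, not part of this advisory list or of the midPoint code base: a small check that parses the header section of an HTTP response and decides whether the page may be framed cross-origin, honouring the rule that a Content-Security-Policy frame-ancestors directive takes precedence over X-Frame-Options, and that values other than DENY and SAMEORIGIN (such as the obsolete ALLOW-FROM) give no protection. The sample responses and the host name in them are constructed for illustration.

```python
"""Evaluate framing (clickjacking) protection from raw HTTP response headers.

Added example; not code from the midPoint project. Sample responses below
are constructed, not captured from a real deployment.
"""
from typing import List, Optional, Tuple


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split the header section of a raw HTTP response into (name, value)
    pairs. Names are lowercased; repeated headers stay as separate entries;
    the first blank line ends the header section and the body is ignored."""
    lines = raw.replace("\r\n", "\n").split("\n")
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:  # skip the status line
        if not line.strip():
            break
        if ":" not in line:
            continue  # malformed header line; skip it
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return headers


def frame_ancestors(headers: List[Tuple[str, str]]) -> Optional[List[str]]:
    """Return the source list of the CSP frame-ancestors directive, or None
    if no Content-Security-Policy header carries that directive."""
    for name, value in headers:
        if name != "content-security-policy":
            continue
        for directive in value.split(";"):
            parts = directive.strip().split()
            if parts and parts[0].lower() == "frame-ancestors":
                return [p.lower() for p in parts[1:]]
    return None


def framing_protection(raw: str) -> str:
    """Classify a response as:
      'csp'  - CSP frame-ancestors restricts who may embed the page,
      'xfo'  - X-Frame-Options DENY or SAMEORIGIN restricts it,
      'none' - the page can be framed by any origin (clickjackable).
    Browsers ignore X-Frame-Options when frame-ancestors is present, so
    CSP is evaluated first."""
    headers = parse_headers(raw)

    ancestors = frame_ancestors(headers)
    if ancestors is not None:
        # 'none', 'self' or an explicit origin list all restrict framing;
        # a wildcard does not.
        return "none" if "*" in ancestors else "csp"

    xfo_values = {v.lower() for n, v in headers if n == "x-frame-options"}
    # Only DENY and SAMEORIGIN are honoured; anything else (e.g. the obsolete
    # ALLOW-FROM, or a typo) leaves the page embeddable. A single recognised
    # value is required here so conflicting duplicates are reported for review.
    if len(xfo_values) == 1 and xfo_values <= {"deny", "sameorigin"}:
        return "xfo"
    return "none"


# Constructed sample responses (not real midPoint output).
MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
XFO_ONLY = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "X-Frame-Options: SAMEORIGIN\r\n\r\n<html>")
CSP_NONE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
            "\r\n<html>")
ALLOW_FROM = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
              "X-Frame-Options: ALLOW-FROM https://idm.example.test\r\n\r\n<html>")

if __name__ == "__main__":
    for label, resp in [("missing", MISSING), ("xfo", XFO_ONLY),
                        ("csp", CSP_NONE), ("allow-from", ALLOW_FROM)]:
        print(f"{label:10s} -> {framing_protection(resp)}")
```

Run the file directly to print the classification of each constructed response; in a real assessment, feed it the header section of a response captured from the midPoint login page or any UI page, since every page that renders a clickable control needs the protection, not just the login form.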
