PT-2021-9610 · Openiam · Openam

Marek Klon · Published 2021-04-06 · Updated 2022-11-05

CVE-2020-13422

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OpenIAM versions prior to 4.2.0.3

Description: The issue concerns a lack of permission verification for users attempting to perform administrative actions through the "/webconsole/rest/api/*" endpoint. This means that users without proper permissions may be able to execute actions they should not have access to.

Recommendations: For versions prior to 4.2.0.3, update to version 4.2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/webconsole/rest/api/*" endpoint to minimize the risk of exploitation.
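As an added illustration of the workaround above (example code written for this page, not OpenIAM's own tooling), the following Python detector runs over constructed Common Log Format access-log lines and flags requests to "/webconsole/rest/api/*" that come from outside an assumed management subnet (10.0.5.0/24) or from an account outside an assumed admin set. A flagged request that still returned 2xx is the condition the advisory describes: an administrative action completed without the proper permission.

```python
import ipaddress
import re

# Constructed sample access-log lines in Common Log Format; not real OpenIAM output.
SAMPLE_LOG = """\
10.0.5.20 - admin [06/Apr/2021:10:01:02 +0000] "GET /webconsole/rest/api/users HTTP/1.1" 200 512
203.0.113.7 - jdoe [06/Apr/2021:10:02:45 +0000] "POST /webconsole/rest/api/users HTTP/1.1" 200 88
203.0.113.7 - jdoe [06/Apr/2021:10:03:10 +0000] "GET /selfservice/profile HTTP/1.1" 200 1024
198.51.100.9 - - [06/Apr/2021:10:04:00 +0000] "DELETE /webconsole/rest/api/roles/3 HTTP/1.1" 403 0
"""

# Fields: client ip, ident, authenticated user, [timestamp], "method path proto", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

ADMIN_PATH_PREFIX = "/webconsole/rest/api/"          # endpoint named in the advisory
ADMIN_NETWORK = ipaddress.ip_network("10.0.5.0/24")  # assumed management subnet
ADMIN_USERS = {"admin"}                              # assumed admin accounts

def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def find_suspicious(log_text):
    """Flag admin-API requests from outside the admin network or by non-admin users.
    A status below 400 on a flagged request means the action went through, which is
    the missing-authorization condition the advisory describes."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(ADMIN_PATH_PREFIX):
            continue
        reasons = []
        if ipaddress.ip_address(rec["ip"]) not in ADMIN_NETWORK:
            reasons.append("source outside admin network")
        if rec["user"] not in ADMIN_USERS:
            reasons.append("non-admin or unauthenticated user")
        if reasons:
            rec["reasons"] = reasons
            rec["succeeded"] = rec["status"] < 400
            findings.append(rec)
    return findings
```

Point it at a real access log and adjust ADMIN_NETWORK and ADMIN_USERS to the deployment's own management subnet and admin accounts; once the endpoint is restricted as the advisory recommends, any "succeeded" finding indicates the restriction is not being enforced.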

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2020-13422

Affected Products: Openam