CNNVD-202507-055 Information
CNNVD ID
CNNVD-202507-055
Related CVE
- CNNVD Published: 2025-07-01
Description (Chinese)
One Identity OneLogin AD Connector是美国One Identity公司的一个连接器软件。 One Identity OneLogin AD Connector 6.1.5之前版本存在安全漏洞,该漏洞源于/api/adc/v4/configuration端点导致信息泄露。
Description (English)
One Identity OneLogin AD Contractor is a connection software for One Identity in the United States. One Identity OneLogin AD Contractor 6.1.5 has a security loophole that originates from/api/adc/v4/configuration endpoints and leads to the disclosure of information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Oneflow
Published
2025-07-01
Last Modified
2026-02-24
References
https://vulncheck.com/advisories/onelogin-ad-connector-account-compromise https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys/ https://support.onelogin.com/product-notification/noti-00001768 https://access.redhat.com/security/cve/cve-2025-34062
Patch
https://support.onelogin.com/product-notification/noti-00001768
Share on: