CNNVD-202510-1926 Information

CNNVD ID

CNNVD-202510-1926

Related CVE

CVE-2025-54603

• CNNVD Published: 2025-10-14

Description (Chinese)

Claroty Secure Access是美国Claroty公司的一款远程安全访问管理平台。 Claroty Secure Access 3.3.0版本至4.0.2版本存在安全漏洞，该漏洞源于OIDC身份验证流程不正确，可能导致未经授权的用户创建或冒充现有OIDC用户。

Description (English)

Clarity Security Access is a remote security access management platform for the United States company Clarity. There is a security loophole in the Clarity Security Access versions 3.3.0 to 4.0.2, which stems from the incorrect identification process of the ODS, which may result in unauthorized users creating or impersonating existing ODS users.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Claroty

Published

2025-10-14

Last Modified

2026-02-24

References

https://claroty.com https://claroty.com/product-security/oidc-configurations-in-claroty-secure-access https://access.redhat.com/security/cve/cve-2025-54603

Patch

https://www.claroty.com/