Aggregates CVE and security vulnerability intelligence across all veridiumid-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting; exposure may include vendor impact session compromise in vendor surface production workloads and vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-45552 | In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal. | [email protected] | 6.5 | 0.29% | 2024-04-03 | 2025-04-16 |
| CVE-2023-44040 | In VeridiumID before 3.5.0, the identity provider page is susceptible to a cross-site scripting (XSS) vulnerability that can be exploited by an internal unauthenticated attacker for JavaScript execution in the context of the user trying to authenticate. | [email protected] | 6.1 | 0.81% | 2024-04-03 | 2025-04-24 |
| CVE-2023-44038 | In VeridiumID before 3.5.0, the identity provider page allows an unauthenticated attacker to discover information about registered users via an LDAP injection attack. | [email protected] | 6.5 | 0.15% | 2024-04-03 | 2025-04-16 |
| CVE-2023-44039 | In VeridiumID before 3.5.0, the WebAuthn API allows an internal unauthenticated attacker (who can pass enrollment verifications and is allowed to enroll a FIDO key) to register their FIDO authenticator to a victim’s account and consequently take over the account. | [email protected] | 9.1 | 0.41% | 2024-04-03 | 2025-04-16 |
| CVE-2021-42791 | An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate. | [email protected] | 7.3 | 0.31% | 2022-01-28 | 2024-11-21 |