# | Advisory | Date | Severity | Description
1 | MidPoint user interface clickjacking | 21 Mar 2019 | Medium | MidPoint user interface vulnerable to clickjacking due to missing X-Frame-Options header.
2 | Abuse of expressions in midPoint reports | 8 Apr 2019 | Medium | MidPoint expressions embedded in midPoint reports can be used to gain unauthorized access to the system.
3 | XXE Vulnerabilities | 17 Apr 2019 | Medium | The way MidPoint handles XML documents is vulnerable to attacks based on XML External Entities (XXE).
4 | AD and LDAP connectors do not check certificate validity | 17 Apr 2019 | High | LDAP and Active Directory connectors are not properly checking TLS/SSL certificate validity.
5 | Workitem identifier weakness | 18 Apr 2019 | Medium | Any approver can display any workitem by guessing its short identifier.
6 | Plain text password in temporary files | 13 May 2019 | Low | Plaintext password is sometimes left stored in temporary files on a file system.
7 | Plain text password in task objects in repository | 23 May 2019 | Low | Plaintext passwords are sometimes stored in task objects in the repository (database).