Vendor scorecard
OneLogin
OneLogin security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: onelogin
Product families
1
Open in latest
1
Inferred — see methodology
Last disclosure
Jul 9, 2024
01
Product categories
1 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| AD Connector / AgentsIdentity & Access Managementactive_directory_connector, desktop | 0 | 1 | 4.29.0MED |
02
Recent CVEs
6 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-6222(opens NVD record) | High | 7.0 | In Docker Desktop before v4.29.0, an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages. Docker Desktop v4.29.0 https://docs.docker.com/desktop/release-notes/#4290 fixes the issue on MacOS, Linux and Windows with Hyper-V backend. As exploitation requires "Allow only extensions distributed through the Docker Marketplace" to be disabled, Docker Desktop v4.31.0 https://docs.docker.com/desktop/release-notes/#4310 additionally changes the default configuration to enable this setting by default. | Jul 9, 2024 |
| CVE-2022-40725(opens NVD record) | High | 7.3 | PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated. | Apr 25, 2023 |
| CVE-2023-28124(opens NVD record) | Medium | 5.5 | Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This vulnerability is fixed in Version 0.62.3 and later. | Apr 19, 2023 |
| CVE-2023-28123(opens NVD record) | Medium | 5.5 | A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version 0.62.3 and later. | Apr 19, 2023 |
| CVE-2023-28122(opens NVD record) | High | 7.8 | A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM.This vulnerability is fixed in Version 0.62.3 and later. | Apr 19, 2023 |
| CVE-2022-35257(opens NVD record) | High | 7.8 | A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM. | Sep 23, 2022 |
0 CVEs · 1 product families