Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

himmelblau-idm — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting himmelblau-idm. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Himmelblau-idm is an identity and access management solution designed to streamline user authentication and authorization across enterprise systems. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its nine recorded CVEs. The product's security posture has been marked by inconsistent input validation and insufficient access controls in previous versions. While no major public security incidents have been widely documented, the pattern of vulnerabilities suggests a need for rigorous patch management and security hardening. Organizations implementing this solution should prioritize timely updates and conduct thorough security assessments to mitigate potential risks.

Top products by himmelblau-idm: himmelblau
CVE IDTitleCVSSSeverityPublished
CVE-2026-34397 himmelblau: NSS fake-primary group lookup reintroduces name collision risk — himmelblauCWE-269 6.3 Medium2026-04-01
CVE-2026-31979 himmelblaud-tasks: local privilege escalation via /tmp symlink attack on Kerberos ccache — himmelblauCWE-59 8.8 High2026-03-11
CVE-2026-31957 Himmelblau unset domain configuration can allow any-tenant authentication at first login for remote deployments — himmelblauCWE-1188 10.0 Critical2026-03-11
CVE-2025-59044 Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation) — himmelblauCWE-1188 4.4 Medium2025-09-09
CVE-2025-54882 Himmelblau's Kerberos credential cache collection is world readable — himmelblauCWE-522 7.1 High2025-08-07
CVE-2025-54781 Himmelblau leaks an Intune service access token in its logs — himmelblauCWE-532 2.8 Low2025-08-01
CVE-2025-53013 Himmelblau offline auth permits authentication with invalid Hello PIN — himmelblauCWE-287 5.2 Medium2025-06-26
CVE-2025-49012 Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass — himmelblauCWE-287 5.4 Medium2025-06-05
CVE-2025-24034 Himmelblau leaks credentials in the debug log — himmelblauCWE-532 3.2 Low2025-01-23

This page lists every published CVE security advisory associated with himmelblau-idm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.