Browse all 4 CVE security advisories affecting iagona. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Iagona provides cloud-based identity and access management solutions for enterprise environments. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. Security researchers have identified authentication bypass weaknesses and insecure direct object references in its API endpoints. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in authentication and access control components suggests potential risks for organizations relying on the platform without implementing additional security controls.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-35763 | Iagona ScrutisWeb Use of Hard-coded Cryptographic Key — ScrutisWeb | 5.5 | Medium | 2023-07-18 |
| CVE-2023-33871 | Iagona ScrutisWeb Absolute Path Traversal — ScrutisWeb | 7.5 | High | 2023-07-18 |
| CVE-2023-38257 | CVE-2023-38257 — ScrutisWeb | 7.5 | High | 2023-07-18 |
| CVE-2023-35189 | Iagona ScrutisWeb Unrestricted Upload of File with Dangerous Type — ScrutisWebCWE-434 | 10.0 | Critical | 2023-07-18 |
This page lists every published CVE security advisory associated with iagona. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.