iam vulnerability list
22 vulnerabilities related to iam found
eks-aws-managed-iam-policy: Use AWS-managed policy to manage AWS resources POC
Ensure that all Amazon EKS clusters use the "AmazonEKSClusterPolicy" managed policy to efficiently manage the resources that you use with the EKS service. This policy grants Kubernetes the necessary permissions to handle resources on your behalf.

iam-access-analyzer: IAM Access Analyzer is not Used POC
Checks if Amazon IAM Access Analyzer is active for identifying unsolicited access risks in AWS resources.

iam-expired-ssl: Remove Expired SSL/TLS Certificates in AWS IAM POC
Checks for expired SSL/TLS certificates in AWS IAM.

iam-full-admin-privileges: Overly Permissive IAM Policies POC
Verifies that no Amazon IAM policies grant full administrative privileges, ensuring adherence to the Principle of Least Privilege.

iam-key-rotation-90days: IAM Access Key Rotation - 90-Day Policy POC
Checks if IAM user access keys are rotated every 90 days to minimize accidental exposures and unauthorized access risks.

iam-mfa-enable: MFA not enabled for AWS IAM Console User POC
Verifies that Multi-Factor Authentication (MFA) is enabled for all IAM users with console access in AWS.

iam-password-policy: IAM Password Policy Not Configured POC
Verifies that Amazon IAM users adhere to a strong password policy, including requirements for minimum length, expiration, and pattern.

iam-root-mfa: MFA not enabled on AWS Root Account POC
Checks if Multi-Factor Authentication (MFA) is enabled for the AWS root account.

iam-ssh-keys-rotation: SSH Key Rotation - 90-Day Policy POC
Verifies that IAM SSH public keys are rotated every 90 days, enhancing security and preventing unauthorized access to AWS CodeCommit repositories.

iam-unapproved-policy: Unapproved IAM Policy Attachments POC
Checks for the attachment of unapproved Amazon IAM managed policies to IAM roles, users, or groups, ensuring compliance with organizational access policies.

iam-user-password-change: Enable Self-Service Password Change for IAM Users POC
Verifies that all Amazon IAM users have permission to change their own console passwords, i.e. that they are allowed the 'iam:ChangePassword' action for their own accounts and the 'iam:GetAccountPasswordPolicy' action.

iam-db-auth: IAM Database Authentication POC
Ensure IAM Database Authentication is enabled for RDS instances, allowing the IAM service to manage database access and thereby removing the need to store user credentials within database configurations.

gcloud-iam-unrestricted-decryption: IAM Users with Unrestricted Data Decryption Permissions POC
Ensure that IAM users with data decryption permissions use conditions to enforce strict controls, enhancing data protection and reducing the risk of unauthorized decryption. For compliance, the Cloud KMS CryptoKey Decrypter (roles/cloudkms.cryptoKeyDecrypter), Cloud KMS Crypto Operator (roles/cloudkms.cryptoOperator), and Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter) roles must have a condition preventing data decryption with any KMS key.

gcloud-iam-least-privilege-nat: Least Privilege Access for Cloud NAT Management POC
Ensure that IAM roles with administrative permissions are not assigned to IAM identities (users, groups, and service accounts) managing Cloud NAT resources. This helps enforce the Principle of Least Privilege (POLP) by granting members (principals) only the minimum access necessary to complete their tasks.

gcloud-org-auto-iam-grants: Automatic IAM Role Grants for Default Service Accounts Not Disabled POC
Ensure that the "Disable Automatic IAM Grants for Default Service Accounts" policy is enforced for your Google Cloud Platform (GCP) organizations and projects in order to deactivate the automatic IAM role grant for default service accounts. When a default service account is created, it is automatically granted the Editor role ("roles/editor") on your project.

siam-xss: SIAM 2.0 - Cross-Site Scripting POC
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the SIAM Invitation application. The url parameter of the qrcode.jsp page does not properly sanitize user input, allowing the injection and execution of malicious scripts in the browser.

SIAM Industria de Automação e Monitoramento SIAM Code Injection Vulnerability No POC
SIAM Industria de Automação e Monitoramento SIAM is a software product from SIAM Industria de Automação e Monitoramento used to manage and configure automation devices, user permissions and related functions. SIAM Industria de Automação e Monitoramento SIAM version 2.0 has a code injection vulnerability, which stems from the url parameter of the /qrcode.jsp file containing a cross-site scripting issue.

竹云 IAM Authentication System Command Execution Vulnerability No POC
The 竹云 authentication system, developed by 深圳竹云科技股份有限公司, is an identity and access management system that controls the access behaviour and permissions of different types of users, whether people or devices, governing which people or devices may access which resources at what time. The system has a command execution vulnerability that an attacker could exploit to gain control of the server.

竹云-IAM Remote Code Execution Vulnerability No POC
竹云-IAM has a remote code execution vulnerability.

竹云 IAM Authentication System File Read No POC
The 竹云 authentication system has a permission bypass vulnerability that an attacker could exploit to reach interfaces that should only be available after login.

竹云 IAM Authentication System connector Arbitrary File Write No POC
The 竹云 authentication system connector has an arbitrary file write vulnerability.

.Matteoiammarrone Iamma Nuke Simple Gallery 'upload.php' Arbitrary File Upload Vulnerability No POC
Iamma Simple Gallery versions 1.0 and 2.0 have an unrestricted file upload vulnerability in pages/download.php. A remote attacker can first upload a file with an executable extension and then access it via a direct request for the file in the upload directory, achieving arbitrary PHP code execution.