| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
351 |
CVE-2020-6191 |
20 |
|
|
2020-02-12 |
2020-02-19 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. |
|
352 |
CVE-2020-6190 |
200 |
|
+Info |
2020-02-12 |
2020-02-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure. |
|
353 |
CVE-2020-6189 |
200 |
|
+Info |
2020-02-12 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure. |
|
354 |
CVE-2020-6188 |
862 |
|
|
2020-02-12 |
2020-02-19 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check. |
|
355 |
CVE-2020-6187 |
611 |
|
DoS |
2020-02-12 |
2020-02-19 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. |
|
356 |
CVE-2020-6186 |
306 |
|
DoS |
2020-02-12 |
2020-02-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. |
|
357 |
CVE-2020-6185 |
79 |
|
XSS |
2020-02-12 |
2020-02-19 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability. |
|
358 |
CVE-2020-6184 |
79 |
|
XSS |
2020-02-12 |
2020-02-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. |
|
359 |
CVE-2020-6183 |
862 |
|
|
2020-02-12 |
2020-02-20 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability. |
|
360 |
CVE-2020-6181 |
|
|
Http R.Spl. |
2020-02-12 |
2020-02-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability. |
|
361 |
CVE-2020-6177 |
20 |
|
DoS |
2020-02-12 |
2020-02-19 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server. |
|
362 |
CVE-2020-6174 |
347 |
|
|
2020-02-05 |
2020-02-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. |
|
363 |
CVE-2020-6069 |
787 |
|
Exec Code |
2020-02-11 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
|
364 |
CVE-2020-6068 |
787 |
|
Exec Code |
2020-02-14 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
|
365 |
CVE-2020-6067 |
787 |
|
Exec Code |
2020-02-11 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
|
366 |
CVE-2020-6066 |
787 |
|
Exec Code |
2020-02-11 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
|
367 |
CVE-2020-6065 |
787 |
|
Exec Code |
2020-02-11 |
2022-06-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable out-of-bounds write vulnerability exists in the bmp_parsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
|
368 |
CVE-2020-6064 |
787 |
|
Exec Code |
2020-02-11 |
2022-06-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
|
369 |
CVE-2020-6063 |
787 |
|
Exec Code |
2020-02-11 |
2022-06-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
|
370 |
CVE-2020-6062 |
476 |
|
DoS |
2020-02-19 |
2022-06-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. |
|
371 |
CVE-2020-6061 |
125 |
|
+Info |
2020-02-19 |
2022-06-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. |
|
372 |
CVE-2020-6060 |
787 |
|
DoS Overflow |
2020-02-04 |
2022-06-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server. |
|
373 |
CVE-2020-6059 |
190 |
|
DoS |
2020-02-04 |
2022-06-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server. |
|
374 |
CVE-2020-6058 |
125 |
|
DoS |
2020-02-04 |
2022-06-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server. |
|
375 |
CVE-2020-5856 |
20 |
|
|
2020-02-06 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart. |
|
376 |
CVE-2020-5855 |
863 |
|
|
2020-02-06 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. |
|
377 |
CVE-2020-5854 |
20 |
|
|
2020-02-06 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made. |
|
378 |
CVE-2020-5831 |
125 |
|
|
2020-02-11 |
2020-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
379 |
CVE-2020-5830 |
125 |
|
|
2020-02-11 |
2020-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
380 |
CVE-2020-5829 |
125 |
|
|
2020-02-11 |
2020-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
381 |
CVE-2020-5828 |
125 |
|
|
2020-02-11 |
2020-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
382 |
CVE-2020-5827 |
125 |
|
|
2020-02-11 |
2020-02-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
383 |
CVE-2020-5826 |
119 |
|
Overflow |
2020-02-11 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. |
|
384 |
CVE-2020-5825 |
269 |
|
|
2020-02-11 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges. |
|
385 |
CVE-2020-5824 |
|
|
DoS |
2020-02-11 |
2020-02-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable. |
|
386 |
CVE-2020-5823 |
269 |
|
+Priv |
2020-02-11 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
387 |
CVE-2020-5822 |
269 |
|
+Priv |
2020-02-11 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
388 |
CVE-2020-5821 |
74 |
|
Exec Code |
2020-02-11 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit. |
|
389 |
CVE-2020-5820 |
269 |
|
+Priv |
2020-02-11 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. |
|
390 |
CVE-2020-5720 |
22 |
|
Dir. Trav. |
2020-02-06 |
2020-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack. |
|
391 |
CVE-2020-5534 |
78 |
|
Exec Code |
2020-02-21 |
2020-02-21 |
7.7 |
None |
Local Network |
Low |
??? |
Complete |
Complete |
Complete |
|
Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via unspecified vectors. |
|
392 |
CVE-2020-5533 |
79 |
|
XSS |
2020-02-21 |
2020-02-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
393 |
CVE-2020-5532 |
287 |
|
Bypass |
2020-02-14 |
2020-02-25 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01) allows an attacker on the same network segment to bypass authentication and to view the images which were recorded by the other ilbo user's device via unspecified vectors. |
|
394 |
CVE-2020-5531 |
|
|
DoS |
2020-02-17 |
2020-03-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 MELSEC-Q Series C Controller Module(Q24DHCCPU-V, Q24DHCCPU-VG User Ethernet port (CH1, CH2): First 5 digits of serial number 21121 or before), MELSEC iQ-R Series C Controller Module / C Intelligent Function Module(R12CCPU-V Ethernet port (CH1, CH2): First 2 digits of serial number 11 or before, and RD55UP06-V Ethernet port: First 2 digits of serial number 08 or before), and MELIPC Series MI5000(MI5122-VW Ethernet port (CH1): First 2 digits of serial number 03 or before, or the firmware version 03 or before) allow remote attackers to cause a denial of service and/or malware being executed via unspecified vectors. |
|
395 |
CVE-2020-5530 |
352 |
|
CSRF |
2020-02-18 |
2020-02-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
|
396 |
CVE-2020-5529 |
665 |
|
Exec Code |
2020-02-11 |
2021-12-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application. |
|
397 |
CVE-2020-5528 |
79 |
|
XSS |
2020-02-06 |
2020-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and earlier (Movable Type Advanced 7), Movable Type Advanced 6.5.2 and earlier (Movable Type Advanced 6.5), Movable Type Premium 1.26 and earlier (Movable Type Premium), and Movable Type Premium Advanced 1.26 and earlier (Movable Type Premium Advanced)) allows remote attackers to inject arbitrary web script or HTML in the block editor and the rich text editor via a specially crafted URL. |
|
398 |
CVE-2020-5525 |
78 |
|
Exec Code |
2020-02-21 |
2020-02-21 |
7.7 |
None |
Local Network |
Low |
??? |
Complete |
Complete |
Complete |
|
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an authenticated attacker on the same network segment to execute arbitrary OS commands with root privileges via management screen. |
|
399 |
CVE-2020-5524 |
78 |
|
Exec Code |
2020-02-21 |
2020-02-21 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. |
|
400 |
CVE-2020-5402 |
352 |
|
CSRF |
2020-02-27 |
2020-03-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. |
