Search criteria
8 vulnerabilities found for OpenAM by OpenAM consortium
CVE-2025-8662 (GCVE-0-2025-8662)
Vulnerability from cvelistv5 – Published: 2025-09-02 02:06 – Updated: 2025-09-03 14:36
VLAI?
Summary
OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.This issue affects OpenAM: from 14.0.0 through 14.0.1.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenAM consortium | OpenAM |
Affected:
14.0.0 , ≤ 14.0.1
(semver)
|
Credits
Hiromu Miyazaki (OSSTech Corporation)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T16:04:51.396362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T14:36:15.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OpenAM",
"vendor": "OpenAM consortium",
"versions": [
{
"lessThanOrEqual": "14.0.1",
"status": "affected",
"version": "14.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hiromu Miyazaki (OSSTech Corporation)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.\u003c/span\u003e\u003cp\u003eThis issue affects OpenAM: from 14.0.0 through 14.0.1.\u003c/p\u003e"
}
],
"value": "OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.This issue affects OpenAM: from 14.0.0 through 14.0.1."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T02:06:20.806Z",
"orgId": "37c6977f-aa3f-41e8-829b-3e8ff4df3c14",
"shortName": "openam-jp"
},
"references": [
{
"url": "https://openam-jp.github.io/Advisories/CVE-2025-8662/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The OpenAM Consortium has released OpenAM 14.0.2, which addresses the vulnerability.\u003cbr\u003ePlease update to the released OpenAM version.\u003cbr\u003e"
}
],
"value": "The OpenAM Consortium has released OpenAM 14.0.2, which addresses the vulnerability.\nPlease update to the released OpenAM version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "37c6977f-aa3f-41e8-829b-3e8ff4df3c14",
"assignerShortName": "openam-jp",
"cveId": "CVE-2025-8662",
"datePublished": "2025-09-02T02:06:20.806Z",
"dateReserved": "2025-08-06T07:06:29.261Z",
"dateUpdated": "2025-09-03T14:36:15.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0696 (GCVE-0-2018-0696)
Vulnerability from cvelistv5 – Published: 2019-02-13 18:00 – Updated: 2024-08-05 03:35
VLAI?
Summary
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to manage sessions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenAM Consortium | OpenAM |
Affected:
13.0 and later
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#49995005",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenAM",
"vendor": "OpenAM Consortium",
"versions": [
{
"status": "affected",
"version": "13.0 and later"
}
]
}
],
"datePublic": "2019-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to manage sessions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-13T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#49995005",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenAM",
"version": {
"version_data": [
{
"version_value": "13.0 and later"
}
]
}
}
]
},
"vendor_name": "OpenAM Consortium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to manage sessions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#49995005",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"name": "https://www.cs.themistruct.com/report/wam20181012",
"refsource": "MISC",
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"name": "https://www.osstech.co.jp/support/am2018-4-1-en",
"refsource": "MISC",
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0696",
"datePublished": "2019-02-13T18:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:49.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8662 (GCVE-0-2025-8662)
Vulnerability from nvd – Published: 2025-09-02 02:06 – Updated: 2025-09-03 14:36
VLAI?
Summary
OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.This issue affects OpenAM: from 14.0.0 through 14.0.1.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenAM consortium | OpenAM |
Affected:
14.0.0 , ≤ 14.0.1
(semver)
|
Credits
Hiromu Miyazaki (OSSTech Corporation)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-02T16:04:51.396362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T14:36:15.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OpenAM",
"vendor": "OpenAM consortium",
"versions": [
{
"lessThanOrEqual": "14.0.1",
"status": "affected",
"version": "14.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hiromu Miyazaki (OSSTech Corporation)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.\u003c/span\u003e\u003cp\u003eThis issue affects OpenAM: from 14.0.0 through 14.0.1.\u003c/p\u003e"
}
],
"value": "OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.This issue affects OpenAM: from 14.0.0 through 14.0.1."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T02:06:20.806Z",
"orgId": "37c6977f-aa3f-41e8-829b-3e8ff4df3c14",
"shortName": "openam-jp"
},
"references": [
{
"url": "https://openam-jp.github.io/Advisories/CVE-2025-8662/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The OpenAM Consortium has released OpenAM 14.0.2, which addresses the vulnerability.\u003cbr\u003ePlease update to the released OpenAM version.\u003cbr\u003e"
}
],
"value": "The OpenAM Consortium has released OpenAM 14.0.2, which addresses the vulnerability.\nPlease update to the released OpenAM version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "37c6977f-aa3f-41e8-829b-3e8ff4df3c14",
"assignerShortName": "openam-jp",
"cveId": "CVE-2025-8662",
"datePublished": "2025-09-02T02:06:20.806Z",
"dateReserved": "2025-08-06T07:06:29.261Z",
"dateUpdated": "2025-09-03T14:36:15.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0696 (GCVE-0-2018-0696)
Vulnerability from nvd – Published: 2019-02-13 18:00 – Updated: 2024-08-05 03:35
VLAI?
Summary
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to manage sessions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenAM Consortium | OpenAM |
Affected:
13.0 and later
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#49995005",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenAM",
"vendor": "OpenAM Consortium",
"versions": [
{
"status": "affected",
"version": "13.0 and later"
}
]
}
],
"datePublic": "2019-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to manage sessions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-13T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#49995005",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenAM",
"version": {
"version_data": [
{
"version_value": "13.0 and later"
}
]
}
}
]
},
"vendor_name": "OpenAM Consortium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to manage sessions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#49995005",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"name": "https://www.cs.themistruct.com/report/wam20181012",
"refsource": "MISC",
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"name": "https://www.osstech.co.jp/support/am2018-4-1-en",
"refsource": "MISC",
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0696",
"datePublished": "2019-02-13T18:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:49.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2023-001002
Vulnerability from jvndb - Published: 2023-01-11 17:07 - Updated:2023-01-11 17:07
Severity ?
Summary
OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal
Details
OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability (CWE-22).
Furthermore, a crafted URL may be evaluated incorrectly.
OpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and OpenAM Consortium coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001002.html",
"dc:date": "2023-01-11T17:07+09:00",
"dcterms:issued": "2023-01-11T17:07+09:00",
"dcterms:modified": "2023-01-11T17:07+09:00",
"description": "OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability (CWE-22).\r\nFurthermore, a crafted URL may be evaluated incorrectly.\r\n\r\nOpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and OpenAM Consortium coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001002.html",
"sec:cpe": {
"#text": "cpe:/a:osstech:openam",
"@product": "OpenAM",
"@vendor": "OpenAM Consortium",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-001002",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91740661/index.html",
"@id": "JVNVU#91740661",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22320",
"@id": "CVE-2023-22320",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22320",
"@id": "CVE-2023-22320",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal"
}
JVNDB-2022-002367
Vulnerability from jvndb - Published: 2022-09-16 15:30 - Updated:2024-06-13 11:39
Severity ?
Summary
OpenAM (OpenAM Consortium Edition) vulnerable to open redirect
Details
OpenAM (OpenAM Consortium Edition) provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601).
OpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and OpenAM Consortium coordinated under the Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002367.html",
"dc:date": "2024-06-13T11:39+09:00",
"dcterms:issued": "2022-09-16T15:30+09:00",
"dcterms:modified": "2024-06-13T11:39+09:00",
"description": "OpenAM (OpenAM Consortium Edition) provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601).\r\n\r\nOpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.\r\nJPCERT/CC and OpenAM Consortium coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002367.html",
"sec:cpe": {
"#text": "cpe:/a:osstech:openam",
"@product": "OpenAM",
"@vendor": "OpenAM Consortium",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2022-002367",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU99326969/index.html",
"@id": "JVNVU#99326969",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-31735",
"@id": "CVE-2022-31735",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-31735",
"@id": "CVE-2022-31735",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/601.html",
"@id": "CWE-601",
"@title": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)(CWE-601)"
}
],
"title": "OpenAM (OpenAM Consortium Edition) vulnerable to open redirect"
}
JVNDB-2019-000007
Vulnerability from jvndb - Published: 2019-02-06 15:45 - Updated:2019-08-28 11:00
Severity ?
Summary
OpenAM (Open Source Edition) vulnerable to open redirect
Details
OpenAM (Open Source Edition) contains an open redirect vulnerability.
Norihito Aimoto of Open Source Solution Technology Corporation reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developers.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000007.html",
"dc:date": "2019-08-28T11:00+09:00",
"dcterms:issued": "2019-02-06T15:45+09:00",
"dcterms:modified": "2019-08-28T11:00+09:00",
"description": "OpenAM (Open Source Edition) contains an open redirect vulnerability.\r\n\r\nNorihito Aimoto of Open Source Solution Technology Corporation reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developers.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000007.html",
"sec:cpe": {
"#text": "cpe:/a:osstech:openam",
"@product": "OpenAM",
"@vendor": "OpenAM Consortium",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.4",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2019-000007",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN43193964/index.html",
"@id": "JVN#43193964",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5915",
"@id": "CVE-2019-5915",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-5915",
"@id": "CVE-2019-5915",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "OpenAM (Open Source Edition) vulnerable to open redirect"
}
JVNDB-2018-000107
Vulnerability from jvndb - Published: 2018-10-12 14:44 - Updated:2019-09-26 18:10
Severity ?
Summary
OpenAM (Open Source Edition) vulnerable to session management
Details
OpenAM (Open Source Edition) contains a vulnerability in session management.
Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000107.html",
"dc:date": "2019-09-26T18:10+09:00",
"dcterms:issued": "2018-10-12T14:44+09:00",
"dcterms:modified": "2019-09-26T18:10+09:00",
"description": "OpenAM (Open Source Edition) contains a vulnerability in session management.\r\n\r\nYasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000107.html",
"sec:cpe": {
"#text": "cpe:/a:osstech:openam",
"@product": "OpenAM",
"@vendor": "OpenAM Consortium",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000107",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN49995005/index.html",
"@id": "JVN#49995005",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0696",
"@id": "CVE-2018-0696",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0696",
"@id": "CVE-2018-0696",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "OpenAM (Open Source Edition) vulnerable to session management"
}