Lucene search
HistoryJan 10, 2023 - 4:15 a.m.
CVE-2023-22320
openam
web policy agent
cve-2023-22320
path traversal
vulnerability
cwe-22
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
60.8%
OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly.
Affected configurations
Node
openam_consortiumopenam_web_policy_agent_\(openam_consortium_edition\)Match4.1.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| openam:openam | openam | eq | 4.1.0 |
CNA Affected
[
{
"vendor": "OpenAM consortium",
"product": "OpenAM Web Policy Agent (OpenAM Consortium Edition)",
"versions": [
{
"version": "4.1.0",
"status": "affected"
}
]
}
]Related
osv
osv
CVE-2023-22320
2023-01-10 04:15:10
prion
prion
Path traversal
2023-01-10 04:15:00
f5
f5
K000132352 : OpenAM Vulnerability CVE-2023-22320
2023-02-01 00:00:00
cvelist
cvelist
CVE-2023-22320
2023-01-10 00:00:00
ubuntucve
ubuntucve
CVE-2023-22320
2023-01-10 00:00:00
nvd
nvd
CVE-2023-22320
2023-01-10 04:15:10
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.002 Low
EPSS
Percentile
60.8%
Related for CVE-2023-22320