CVE-2026-33439

Open Access Management OpenAM is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution RCE via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

CVE-2025-64099 OpenAM allows use of arbitrary OIDC requested claims values in id_token and user_info

Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claimsparametersupported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the idtoken or ...

EUVD-2023-1953

Malicious code in bioql PyPI...

CVE-2023-37471

Open Access Management OpenAM is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-...

Authentication flaw

Open Access Management OpenAM is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-...

CVE-2023-37471 User impersonation using SAMLv1.x SSO in Open Access Management

Open Access Management OpenAM is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-...

CVE-2023-37471 User impersonation using SAMLv1.x SSO in Open Access Management

Open Access Management OpenAM is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-...

OpenAM 授权问题漏洞

OpenAM is an all-in-one access management solution organized by the OpenAM Consortium. It provides authentication, authorization, delegation and federation capabilities. An authorization issue vulnerability exists in Open Access Management OpenAM versions 14.7.2 and earlier, which stems from an...