4 matches found
EUVD-2026-19941
OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via jato.clientSession Deserialization in OpenAM...
PT-2026-30917
Name of the Vulnerable Software and Affected Versions: OpenIdentityPlatform OpenAM versions prior to 16.0.6
Description: OpenIdentityPlatform OpenAM is susceptible to pre-authentication Remote Code Execution (RCE) due to unsafe Java deserialization of the jato.clientSession HTTP parameter. This...
com.itextpdf:bouncy-castle-fips-adapter (=9.6.0), org.openidentityplatform.opendj:opendj-cli (=4.10.2) +70 more potentially affected by CVE-2025-12194 via org.bouncycastle:bc-fips (=2.1.1)
org.bouncycastle:bc-fips MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted:
- com.itextpdf:bouncy-castle-fips-adapter =9.6.0
- org.openidentityplatform.opendj:opendj-cli =4.10.2
-...
com.srcclr:srcclr-maven-plugin (>=3.1.23 <=3.1.25), org.keycloak:keycloak-crypto-fips1402 (>=19.0.0 <=25.0.6) +17 more potentially affected by CVE-2024-34447 via org.bouncycastle:bctls-fips (>=1.0.12.2 <=1.0.18)
org.bouncycastle:bctls-fips MAVEN version =1.0.12.2, =3.1.23, =19.0.0, =14.7.0.0, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.5.1, =4.6.3 and more
Source cves: CVE-2024-34447
Source advisory:...