175 matches found

Nuclei
added yesterday, 43 views

OpenAM<=15.0.3 FreeMarker - Template Injection

OpenAM is an open access management solution. In versions 15.0.3 and prior, the getCustomLoginUrlTemplate method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. id: CVE-2024-41667; info: name: OpenAM <=15.0.3 FreeMarker - Template Injection...

CVSS 8.8, AI score 5.8, EPSS 0.74311
Exploits 0, References 4
Nuclei
added yesterday, 7 views

OpenAM <= 16.0.5 - Pre-Auth RCE via jato.clientSession Deserialization

Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

CVSS 10, AI score 7.5, EPSS 0.94386
Exploits 10, References 2
Nuclei
added yesterday, 46 views

LDAP Injection In OpenAM

OpenAM contains an LDAP injection vulnerability. When a user tries to reset their password, they are asked to enter a username, and the backend then checks whether that user exists through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration ca...

CVSS 7.5, AI score 7.1, EPSS 0.88708
Exploits 5, References 5
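The entry above describes a "does this user exist?" lookup whose answer leaks through the password-reset flow. The following is an added example, not OpenAM's code, showing the shape such a lookup takes when the username is interpolated into the filter, the same lookup with the assertion value escaped per RFC 4515, and a toy directory with a yes/no oracle that makes the difference concrete. The `(uid=...)` filter shape, the directory contents and the oracle are all assumptions; the real query OpenAM issues is not on this page.

```python
"""LDAP filter construction for a "does this user exist?" lookup: the
string-formatting form that permits injection beside an RFC 4515-escaped one,
with a toy directory to show what a wildcard buys an attacker.
Added example, not OpenAM code; the (uid=...) query shape is an assumption."""
import re

# Constructed directory standing in for the LDAP backend.
DIRECTORY = ["alice", "bob", "carol"]

# RFC 4515 section 3: characters that must be escaped as \XX inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape user input so it can only ever match literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_exists_filter_vulnerable(username: str) -> str:
    """Raw interpolation: '*' and parentheses keep their filter meaning."""
    return "(uid=%s)" % username


def user_exists_filter_hardened(username: str) -> str:
    """Same lookup with the assertion value escaped."""
    return "(uid=%s)" % escape_filter_value(username)


def _value_to_regex(value: str) -> str:
    """Translate an LDAP assertion value into a regex the way a server reads it:
    '*' is a wildcard, '\\XX' is a literal byte, everything else is literal."""
    out, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 2 < len(value):
            out.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
            i += 3
        elif ch == "*":
            out.append(".*")
            i += 1
        else:
            out.append(re.escape(ch))
            i += 1
    return "^" + "".join(out) + "$"


def user_exists(ldap_filter: str, directory=DIRECTORY) -> bool:
    """Evaluate a single '(uid=...)' equality filter against the toy directory.
    Anything else is treated as malformed and rejected, as a server would."""
    m = re.fullmatch(r"\(uid=([^()]*)\)", ldap_filter)
    if not m:
        return False
    pattern = re.compile(_value_to_regex(m.group(1)))
    return any(pattern.match(uid) for uid in directory)


def enumerate_username(oracle, alphabet="abcdefghijklmnopqrstuvwxyz", max_len=16) -> str:
    """Recover one username a character at a time from a yes/no 'user exists'
    oracle by asking whether '<prefix><c>*' matches anyone. Returns '' when the
    oracle never answers yes, i.e. when the wildcard has been neutralised."""
    prefix = ""
    for _ in range(max_len):
        for c in alphabet:
            if oracle(prefix + c + "*"):
                prefix += c
                break
        else:
            break
    return prefix


def oracle_vulnerable(username: str) -> bool:
    return user_exists(user_exists_filter_vulnerable(username))


def oracle_hardened(username: str) -> bool:
    return user_exists(user_exists_filter_hardened(username))


if __name__ == "__main__":
    print("vulnerable filter leaks:", repr(enumerate_username(oracle_vulnerable)))
    print("hardened filter leaks:  ", repr(enumerate_username(oracle_hardened)))
```

Escaping is the floor, not the ceiling: use your LDAP library's own filter-escaping or filter-building helper rather than a hand-rolled table, and give the reset endpoint the same response and timing whether or not the username exists, so that no oracle remains even if a filter somewhere else is built carelessly.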
Nuclei
added 2026/05/18 5:01 a.m., 59 views

ForgeRock OpenAM <7.0 - Remote Code Execution

ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...

CVSS 10, AI score 8, EPSS 0.94386
Exploits 8, References 5
GithubExploit
added 2026/04/28 7:11 a.m., 83 views

Exploit for Deserialization of Untrusted Data in Openidentityplatform Openam

CVE-2026-33439 — OpenAM Pre-Auth RCE Echo Mode Command outp...

CVSS 9.8, AI score 5.6, EPSS 0.17141
Exploits 2
NVD
added 2026/04/07 9:17 p.m., 1 view

CVE-2026-33439

Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

CVSS 9.8, EPSS 0.17141
Exploits 2, References 1
CVE
added 2026/04/07 8:46 p.m., 11 views

CVE-2026-33439

CVE-2026-33439: OpenAM/OpenIdentityPlatform before 16.0.6 is vulnerable to pre-authentication remote code execution via unsafe Java deserialization of the jato.clientSession parameter. An unauthenticated attacker can send a crafted serialized Java object to any JATO ViewBean endpoint (e.g., Pass...

CVSS 9.8, AI score 6.3, EPSS 0.17141
Exploits 2, References 1, Affected Software 1
Vulnrichment
added 2026/04/07 8:46 p.m., 1 view

CVE-2026-33439 Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM

Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

CVSS 9.3, AI score 6.3, EPSS 0.17141
Exploits 2, References 1
Cvelist
added 2026/04/07 8:46 p.m., 14 views

CVE-2026-33439 Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM

Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream...

CVSS 9.3, EPSS 0.17141
Exploits 2, References 1
Github Security Blog
added 2026/04/07 3:45 p.m., 6 views

OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM

Summary: OpenIdentityPlatform OpenAM 16.0.5 and likely earlier versions are vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream mitigation that was applied to the...

CVSS 10, AI score 7.6, EPSS 0.94386
Exploits 10, References 5, Affected Software 1
OSV
added 2026/04/07 3:45 p.m., 1 view

GHSA-2CQQ-RPVQ-G5QJ OpenIdentityPlatform OpenAM: Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM

Summary: OpenIdentityPlatform OpenAM 16.0.5 and likely earlier versions are vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the WhitelistObjectInputStream mitigation that was applied to the...

CVSS 9.3, AI score 6.2, EPSS 0.17141
Exploits 2, References 5
CNNVD
added 2026/04/07 12:00 a.m., 3 views

OpenAM code issue vulnerability

OpenAM is an integrated access management solution developed by the OpenAM Consortium. It provides authentication, authorization, and federation features. Versions of OpenAM prior to 16.0.6 have a code vulnerability due to an insecure Java deserialization issue with the jato.clientSession...

CVSS 9.8, AI score 6.2, EPSS 0.17141
Exploits 2, References 1
Positive Technologies
added 2026/04/07 12:00 a.m., 3 views

PT-2026-30917

Name of the Vulnerable Software and Affected Versions: OpenIdentityPlatform OpenAM versions prior to 16.0.6. Description: OpenIdentityPlatform OpenAM is susceptible to pre-authentication Remote Code Execution (RCE) due to unsafe Java deserialization of the jato.clientSession HTTP parameter. This...

CVSS 9.8, AI score 6.2, EPSS 0.17141
Exploits 2, References 18
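The jato.clientSession entries above (CVE-2026-33439) and the jato.pageSession one (ForgeRock AM before 7.0) share one delivery mechanism: a Java serialization stream arrives in a JATO request parameter and is deserialized before authentication. The scanner below is an added example, not code from OpenAM or from any of the listed sources. It flags either parameter when its value begins with the Java ObjectOutputStream header (bytes AC ED 00 05, or rO0AB once base64-encoded), and it deliberately does not key on gadget class names, since the advisories say the WhitelistObjectInputStream filter was bypassed. The sample requests, paths and form fields are constructed and illustrative; compressed or doubly wrapped streams are not detected.

```python
"""Flag HTTP requests whose jato.pageSession or jato.clientSession parameter
carries a Java serialization stream. Added example, not OpenAM code; it does
not rely on gadget class names because the advisories above say the
WhitelistObjectInputStream filter was bypassed."""
from urllib.parse import unquote, unquote_to_bytes, urlsplit

# Parameter names taken from the advisories on this page.
JATO_PARAMS = frozenset({"jato.pageSession", "jato.clientSession"})

# java.io.ObjectOutputStream writes STREAM_MAGIC (0xACED) + STREAM_VERSION (5) first.
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"
# The same header in base64; the fifth character is fixed by the 0x05 byte.
JAVA_STREAM_MAGIC_B64 = b"rO0AB"


def looks_like_java_serialized(raw_value: str) -> bool:
    """True if a still-URL-encoded parameter value starts with a Java
    serialization header, raw (%AC%ED%00%05...) or base64 (rO0AB...).
    Compressed or otherwise wrapped streams are out of scope here."""
    data = unquote_to_bytes(raw_value)  # byte-exact; also restores %2B/%3D to +/=
    if data.startswith(JAVA_STREAM_MAGIC):
        return True
    return data.lstrip().startswith(JAVA_STREAM_MAGIC_B64)


def raw_params(form_data: str):
    """Split x-www-form-urlencoded data without decoding values: parse_qs would
    replace non-UTF-8 bytes with U+FFFD and destroy the magic bytes."""
    for pair in form_data.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        yield unquote(name), value


def scan_request(method: str, target: str, body: str = "") -> list:
    """Return (location, parameter, path) for each JATO parameter in the query
    string, or in the body of a POST, that carries a serialization stream."""
    parts = urlsplit(target)
    sources = [("query", parts.query)]
    if method.upper() == "POST" and body:
        sources.append(("body", body))
    hits = []
    for where, data in sources:
        for name, value in raw_params(data):
            if name in JATO_PARAMS and looks_like_java_serialized(value):
                hits.append((where, name, parts.path))
    return hits


# Constructed sample requests, not captured traffic; paths and fields are illustrative.
SAMPLE_REQUESTS = [
    # percent-encoded raw stream in the query string of a /ccversion/ page
    ("GET", "/openam/ccversion/Version?jato.pageSession=%AC%ED%00%05sr%00%0A", ""),
    # base64 stream posted to a JATO ViewBean page alongside an ordinary login field
    ("POST", "/openam/UI/Login", "IDToken1=demo&jato.clientSession=rO0ABXNyAAo%3D"),
    # benign: base64 of the word "default", no serialization header
    ("GET", "/openam/UI/Login?jato.pageSession=ZGVmYXVsdA%3D%3D", ""),
    # no JATO parameter at all
    ("GET", "/openam/json/authenticate", ""),
]


def scan_requests(requests=SAMPLE_REQUESTS) -> list:
    """Run scan_request over a batch and concatenate the findings."""
    hits = []
    for method, target, body in requests:
        hits.extend(scan_request(method, target, body))
    return hits


if __name__ == "__main__":
    for where, name, path in scan_requests():
        print("suspect Java stream in %s parameter %s on %s" % (where, name, path))
```

This only works where request bodies are available (a reverse proxy or WAF that logs POST bodies, or a packet capture); ordinary access logs carry the query string but not the body, so the jato.clientSession case would be invisible there. Treat a hit as a signal to block and investigate, not as proof of compromise, and treat the upgrade to the fixed releases named above as the actual remediation.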
RedhatCVE
added 2026/01/09 10:48 a.m., 2 views

CVE-2022-31735

OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website...

CVSS 6.1, AI score 7, EPSS 0.00172
Exploits 0, References 1
RedhatCVE
added 2025/11/13 7:08 p.m., 8 views

CVE-2025-64099

Open Access Management (OpenAM) is an access management solution. In versions prior to 16.0.0, if the "claims_parameter_supported" parameter is activated, it is possible, through the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the id_token or ...

CVSS 9.3, AI score 6.8, EPSS 0.00055
Exploits 0, References 1
Snyk
added 2025/11/12 9:27 p.m., 3 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the oidc-claims-extension.groovy script when the claims_parameter_supported parameter is enabled. An attacker can inject arbitrary values into claims returned in id_token or userinfo by supplying a crafted JSON...

CVSS 9.3, AI score 7, EPSS 0.00055
Exploits 0, References 2
OSV
added 2025/11/12 9:27 p.m., 4 views

GHSA-39HR-239P-FHQC OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed

Summary: If the "claims_parameter_supported" parameter is activated, it is possible through the "oidc-claims-extension.groovy" script to inject the value of choice into a claim contained in the id_token or in the userinfo. Authorization function requests do not prevent a claims parameter containing ...

CVSS 9.3, AI score 6.8, EPSS 0.00055
Exploits 0, References 5
Github Security Blog
added 2025/11/12 9:27 p.m., 5 views

OpenAM: Using arbitrary OIDC requested claims values in id_token and user_info is allowed

Summary: If the "claims_parameter_supported" parameter is activated, it is possible through the "oidc-claims-extension.groovy" script to inject the value of choice into a claim contained in the id_token or in the userinfo. Authorization function requests do not prevent a claims parameter containing ...

CVSS 9.3, AI score 6.9, EPSS 0.00055
Exploits 0, References 5, Affected Software 1
NVD
added 2025/11/12 7:15 p.m., 3 views

CVE-2025-64099

Open Access Management (OpenAM) is an access management solution. In versions prior to 16.0.0, if the "claims_parameter_supported" parameter is activated, it is possible, through the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the id_token or ...

CVSS 9.3, EPSS 0.00055
Exploits 0, References 1
CVE
added 2025/11/12 6:57 p.m., 24 views

CVE-2025-64099

OpenAM prior to version 16.0.0 is vulnerable when the claims_parameter_supported parameter is enabled. The oidc-claims-extension.groovy script allows injecting arbitrary values into claims in id_token and user_info via a crafted claims parameter JSON during an authorize request, enabling potentia...

CVSS 9.3, AI score 6.4, EPSS 0.00055
Exploits 0, References 1
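The CVE-2025-64099 entries above all describe the same mistake: the OIDC `claims` request parameter, which a client sends with the authorize request to say which claims it wants, was allowed to dictate what those claims contain. The following is an added example, not OpenAM's oidc-claims-extension.groovy, that puts the failing behaviour beside a hardened one. The user store, the claim mapping and both request documents are constructed; that the injection rides the `value`/`values` members defined in OIDC Core section 5.5 is an assumption, since the advisory text on this page is truncated before it names them.

```python
"""The OIDC 'claims' request parameter handled two ways: one that copies the
requested value/values into the issued claim (the failure mode the entries
above describe) and one where the request only selects which verified
attributes to release. Added example, not OpenAM's oidc-claims-extension.groovy;
that the injection rides the value/values members of OIDC Core 5.5 is an assumption."""
import json

# Constructed identity store standing in for the user repository.
USER_STORE = {
    "alice": {"mail": "alice@example.com", "ou": "engineering"},
}

# Claim name -> attribute in the store; only these may ever be released.
CLAIM_SOURCES = {"email": "mail", "department": "ou"}


def _requested_claims(claims_param: str, section: str) -> dict:
    """Parse the claims JSON and pick the 'id_token' or 'userinfo' section."""
    try:
        doc = json.loads(claims_param)
    except ValueError:
        return {}
    if not isinstance(doc, dict) or section not in ("id_token", "userinfo"):
        return {}
    section_doc = doc.get(section)
    return section_doc if isinstance(section_doc, dict) else {}


def build_claims_vulnerable(user_id: str, claims_param: str, section: str) -> dict:
    """Honours a requested 'value'/'values' as the claim's content, so the
    client decides what the token says about the user."""
    out = {}
    for name, spec in _requested_claims(claims_param, section).items():
        spec = spec if isinstance(spec, dict) else {}
        if "value" in spec:
            out[name] = spec["value"]           # attacker-controlled
        elif isinstance(spec.get("values"), list) and spec["values"]:
            out[name] = spec["values"][0]       # attacker-controlled
        elif name in CLAIM_SOURCES:
            out[name] = USER_STORE.get(user_id, {}).get(CLAIM_SOURCES[name])
    return out


def build_claims_hardened(user_id: str, claims_param: str, section: str) -> dict:
    """The request may only ask for known claims; 'value'/'values' act as a
    filter that must agree with the stored attribute, never as a source."""
    record = USER_STORE.get(user_id, {})
    out = {}
    for name, spec in _requested_claims(claims_param, section).items():
        if name not in CLAIM_SOURCES:
            continue                            # unknown claim: ignore
        actual = record.get(CLAIM_SOURCES[name])
        if actual is None:
            continue                            # nothing verified to release
        spec = spec if isinstance(spec, dict) else {}
        if "value" in spec:
            wanted = [spec["value"]]
        elif isinstance(spec.get("values"), list):
            wanted = spec["values"]
        else:
            wanted = None
        if wanted is not None and actual not in wanted:
            continue                            # requested value contradicts reality
        out[name] = actual
    return out


# Constructed requests: one forged, one ordinary.
FORGED_CLAIMS = json.dumps({
    "id_token": {"email": {"value": "admin@example.com"},
                 "department": {"values": ["finance"]}},
})
ORDINARY_CLAIMS = json.dumps({
    "userinfo": {"email": None, "department": {"essential": True}},
})

if __name__ == "__main__":
    print("vulnerable:", build_claims_vulnerable("alice", FORGED_CLAIMS, "id_token"))
    print("hardened:  ", build_claims_hardened("alice", FORGED_CLAIMS, "id_token"))
```

Whether a mismatched `value` should drop the claim silently, as here, or fail the whole authorize request is a policy choice; what is not negotiable is that the only source of a claim's content is the authoritative user record. The same rule applies to any scripted claims hook: the request selects, the store supplies.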