CVE-2025-64099 OpenAM allows use of arbitrary OIDC requested claims values in id_token and user_info

Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claimsparametersupported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the idtoken or ...

CVE-2025-64099

OpenAM prior to version 16.0.0 is vulnerable when the claims_parameter_supported parameter is enabled. The oidc-claims-extension.groovy script allows injecting arbitrary values into claims in id_token and user_info via a crafted claims parameter JSON during an authorize request, enabling potentia...

EUVD-2025-131956

Open Access Management OpenAM is an access management solution. In versions prior to 16.0.0, if the "claimsparametersupported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one's choice into a claim contained in the idtoken or ...

PT-2025-46699

Name of the Vulnerable Software and Affected Versions Open Access Management OpenAM versions prior to 16.0.0 Description Open Access Management OpenAM contains a flaw where, if the claims parameter supported parameter is enabled, the "oidc-claims-extension.groovy" script allows injection of...

OpenAM 注入漏洞

OpenAM is an all-in-one access management solution organized by the OpenAM Consortium. It provides authentication, authorization, delegation, and federation capabilities. An injection vulnerability exists in Open Access Management OpenAM versions prior to 16.0.0 that stems from the...

EUVD-2018-1506

Malware in sbrugna...

EUVD-2019-15484

Malware in sbrugna...

EUVD-2014-7117

Malware in sbrugna...

EUVD-2016-1288

Malware in sbrugna...

EUVD-2017-2513

Malware in sbrugna...

EUVD-2025-26407

Malicious code in bioql PyPI...

EUVD-2022-53133

Malicious code in bioql PyPI...

EUVD-2023-26483

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-10873

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenAM Open Source Edition allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2023-22320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenAM Web Policy Agent OpenAM Consortium Edition provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerabilityCWE-22...

CVE-2025-8662

OpenAM OpenAM Consortium Edition contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.This issue affects OpenAM: from 14.0.0 through 14.0.1...

CVE-2025-8662

OpenAM OpenAM Consortium Edition contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.This issue affects OpenAM: from 14.0.0 through 14.0.1...

CVE-2025-8662

OpenAM OpenAM Consortium Edition contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.This issue affects OpenAM: from 14.0.0 through 14.0.1...

CVE-2025-8662

OpenAM OpenAM Consortium Edition contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.This issue affects OpenAM: from 14.0.0 through 14.0.1...

CVE-2025-8662

OpenAM OpenAM Consortium Edition contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.This issue affects OpenAM: from 14.0.0 through 14.0.1...