CVE-2018-0696
OpenAM (Open Source Edition) 13.0 and later is affected by a session management vulnerability that lets an attacker with authentication change security questions and reset the user login password via unspecified vectors. The issue is in OpenAM’s session handling, and affected component is the ses...