3 matches found
CVE-2022-34298
OpenAM before 14.6.6 is affected by a vulnerability in the NT auth module that enables a "replace Samba username attack." Multiple sources (Veracode and Red Hat) describe privilege escalation via the userPassword parameter in the process function, enabling an authenticated local attacker to manip...
CVE-2023-37471
OpenAM up to version 14.7.2 is vulnerable to user impersonation due to improper validation of SAML responses in SAMLv1.x SSO. An attacker can impersonate any OpenAM user (including admin) by sending a crafted SAML response to the SAMLPOSTProfileServlet. A fix is available in OpenAM 14.7.3-SNAPSHO...
CVE-2026-33439
CVE-2026-33439 : OpenAM/OpenIdentityPlatform before 16.0.6 is vulnerable to pre-authentication remote code execution via unsafe Java deserialization of the jato.clientSession parameter. An unauthenticated attacker can send a crafted serialized Java object to any JATO ViewBean endpoint (e.g., Pass...