4 matches found
CVE-2022-31735
OpenAM Consortium Edition 14.0.0 contains an open redirect (CWE-601). Affected behavior occurs when a user visits a specially crafted URL, potentially redirecting to an arbitrary website. Documented impacts include phishing risk via unintended site redirection. Connected sources confirm the issue...
CVE-2017-10873
OpenAM (Open Source Edition) is affected by an authentication bypass vulnerability when configured as a SAML 2.0 IdP. The issue arises from how authentication methods are chosen based on AuthnContext requests from the service provider, allowing an attacker to bypass authentication and access unau...
CVE-2018-0696
OpenAM (Open Source Edition) 13.0 and later is affected by a session management vulnerability that lets an attacker with authentication change security questions and reset the user login password via unspecified vectors. The issue is in OpenAM’s session handling, and affected component is the ses...
CVE-2019-5915
OpenAM (Open Source Edition) 13.0 is affected by CVE-2019-5915, a open redirect vulnerability. A specially crafted page can cause users to be redirected to arbitrary websites, enabling phishing. Root cause is an open redirect in the OpenAM 13.0 flow. Mitigation: apply the patch released by the Op...