Lucene search

Ubuntu.comUB:CVE-2023-22320

HistoryJan 10, 2023 - 12:00 a.m.

CVE-2023-22320

2023-01-1000:00:00

ubuntu.com

openam web policy agent

urls

path traversal vulnerability

crafted url

cwe-22

evaluation vulnerability

openam consortium edition

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

60.8%

JSON

OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM
Consortium parses URLs improperly, leading to a path traversal
vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated
incorrectly.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchopenam< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	openam	< any	UNKNOWN

References

github.com/openam-jp/web-agents/issues/3

jvn.jp/en/vu/JVN91740661/

launchpad.net/bugs/cve/CVE-2023-22320

nvd.nist.gov/vuln/detail/CVE-2023-22320

security-tracker.debian.org/tracker/CVE-2023-22320

www.cve.org/CVERecord?id=CVE-2023-22320

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

60.8%

JSON

Related for UB:CVE-2023-22320