CVE-2025-64099
- EPSS 0.07%
- Published 12.11.2025 19:15:38
- Last modified 14.11.2025 16:42:30
Open Access Management (OpenAM) is an access management solution. In versions prior to 16.0.0, if the "claims_parameter_supported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the value of one...
CVE-2024-41667
- EPSS 69.86%
- Published 24.07.2024 18:15:05
- Last modified 21.11.2024 09:32:56
OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended...
CVE-2023-37471
- EPSS 0.75%
- Published 20.07.2023 17:15:10
- Last modified 21.11.2024 08:11:46
Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML respon...
CVE-2022-34298
- EPSS 45.07%
- Published 23.06.2022 17:15:18
- Last modified 21.11.2024 07:09:14
The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."