Vulnerabilites related to osstech - openam
Vulnerability from fkie_nvd
Published
2019-02-13 18:29
Modified
2024-11-21 04:45
Severity ?
Summary
Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN43193964/index.html | Patch, Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.cs.themistruct.com/ | Permissions Required, Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.osstech.co.jp/support/am2019-1-1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN43193964/index.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cs.themistruct.com/ | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.osstech.co.jp/support/am2019-1-1 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osstech:openam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE8845A-346B-4408-B33E-0FCF2E5957F9",
"versionEndIncluding": "13.0.0-137",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page."
},
{
"lang": "es",
"value": "Una vulnerabilidad de redirecci\u00f3n abierta en OpenAM (Open Source Edition) 13.0 permite que los atacantes remotos redirijan a los usuarios a sitios web arbitrarios y lleven a cabo ataques de phishing mediante una p\u00e1gina especialmente manipulada."
}
],
"id": "CVE-2019-5915",
"lastModified": "2024-11-21T04:45:44.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-13T18:29:01.043",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN43193964/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://www.cs.themistruct.com/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.osstech.co.jp/support/am2019-1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN43193964/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://www.cs.themistruct.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.osstech.co.jp/support/am2019-1-1"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-15 05:15
Modified
2024-11-21 07:05
Severity ?
Summary
OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://github.com/openam-jp/openam/issues/259 | Issue Tracking, Patch, Third Party Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU99326969/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/openam-jp/openam/issues/259 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU99326969/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osstech:openam:*:*:*:*:consortium:*:*:*",
"matchCriteriaId": "1E5893F0-D7DF-46D8-A751-E965D6ADAC4A",
"versionEndIncluding": "13.0.0-183",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osstech:openam:*:*:*:*:consortium:*:*:*",
"matchCriteriaId": "893EC9F5-1FF1-41C2-9C41-B5B2697B15DE",
"versionEndIncluding": "14.2.0-2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website."
},
{
"lang": "es",
"value": "OpenAM Consortium Edition versi\u00f3n 14.0.0, contiene una vulnerabilidad de redireccionamiento abierto (CWE-601). Cuando es accedido a un servidor afectado mediante alguna URL especialmente dise\u00f1ada, el usuario puede ser redirigido a un sitio web arbitrario"
}
],
"id": "CVE-2022-31735",
"lastModified": "2024-11-21T07:05:11.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-15T05:15:08.883",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openam-jp/openam/issues/259"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU99326969/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/openam-jp/openam/issues/259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU99326969/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-02 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN79546124/ | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://www.cs.themistruct.com/ | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.osstech.co.jp/support/am2017-2-1-en | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN79546124/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cs.themistruct.com/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.osstech.co.jp/support/am2017-2-1-en | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osstech:openam:*:*:*:*:open_source:*:*:*",
"matchCriteriaId": "92D277D6-F0B8-4CA0-9413-3873D4412EC1",
"versionEndIncluding": "9.5.5-41",
"versionStartIncluding": "9.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osstech:openam:*:*:*:*:open_source:*:*:*",
"matchCriteriaId": "861FEB9D-6CBF-4AA8-8A18-811CDC9C8C65",
"versionEndIncluding": "11.0.0-112",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osstech:openam:*:*:*:*:open_source:*:*:*",
"matchCriteriaId": "7E1CC3FF-812B-4562-A2C7-04CF6086EA79",
"versionEndIncluding": "13.0.0-73",
"versionStartIncluding": "13.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider."
},
{
"lang": "es",
"value": "OpernAM (Open Source Edition) permite que un atacante omita la autenticaci\u00f3n y acceda a contenidos no autorizados mediante vectores no especificados. N\u00f3tese que esta vulnerabilidad afecta a las implementaciones de OpenAM (Open Source Edition) configuradas como SAML 2.0ldP y cambia los m\u00e9todos de autenticaci\u00f3n en base a las peticiones AuthnContext enviadas desde el proveedor del servicio."
}
],
"id": "CVE-2017-10873",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-02T15:29:00.290",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN79546124/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cs.themistruct.com/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.osstech.co.jp/support/am2017-2-1-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN79546124/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cs.themistruct.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.osstech.co.jp/support/am2017-2-1-en"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-13 18:29
Modified
2024-11-21 03:38
Severity ?
Summary
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN49995005/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.cs.themistruct.com/report/wam20181012 | Permissions Required, Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.osstech.co.jp/support/am2018-4-1-en | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN49995005/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cs.themistruct.com/report/wam20181012 | Permissions Required, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.osstech.co.jp/support/am2018-4-1-en | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osstech:openam:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A554DB6-118C-408A-BF84-80DE886F86A5",
"versionEndIncluding": "13.0.0-120",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors."
},
{
"lang": "es",
"value": "OpenAM (Open Source Edition), en versiones 13.0 y siguientes, no gestiona las sesiones correctamente, lo que permite que los atacantes autenticados remotos cambien las preguntas de seguridad y restablezcan la contrase\u00f1a de inicio de sesi\u00f3n mediante vectores sin especificar."
}
],
"id": "CVE-2018-0696",
"lastModified": "2024-11-21T03:38:45.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-13T18:29:00.247",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201711-0036
Vulnerability from variot
OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider. Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. LG devices based on Android are all smart devices based on the Android platform of South Korea's LG Group.
SystemUI application intents is one of the system applications.
SystemUI application intents in LG products based on platforms from Android 6.0 to 8.1 have security vulnerabilities that result from incorrect access control performed by the program. Remote attackers can use this vulnerability to bypass security restrictions and gain access to SystemUI applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openam",
"scope": "gte",
"trust": 1.0,
"vendor": "osstech",
"version": "11.0.0"
},
{
"model": "openam",
"scope": "lte",
"trust": 1.0,
"vendor": "osstech",
"version": "13.0.0-73"
},
{
"model": "openam",
"scope": "gte",
"trust": 1.0,
"vendor": "osstech",
"version": "13.0.0"
},
{
"model": "openam",
"scope": "lte",
"trust": 1.0,
"vendor": "osstech",
"version": "11.0.0-112"
},
{
"model": "openam",
"scope": "gte",
"trust": 1.0,
"vendor": "osstech",
"version": "9.5.5"
},
{
"model": "openam",
"scope": "lte",
"trust": 1.0,
"vendor": "osstech",
"version": "9.5.5-41"
},
{
"model": "openam",
"scope": "eq",
"trust": 0.8,
"vendor": "open source solution",
"version": "(open source edition)"
},
{
"model": "android",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "6.0"
},
{
"model": "devices based on android",
"scope": "gte",
"trust": 0.6,
"vendor": "lg",
"version": "6.0,\u003c=8.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.6,
"vendor": "google",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x500"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x400"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x300"
},
{
"model": "q8",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "q6",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v30"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v20"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "v10"
},
{
"model": "g6",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "g5",
"scope": null,
"trust": 0.6,
"vendor": "lg",
"version": null
},
{
"model": "cam",
"scope": "eq",
"trust": 0.6,
"vendor": "lg",
"version": "x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:open_source_solution_technology:openam",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
}
]
},
"cve": "CVE-2017-10873",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-10873",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000231",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-28449",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-10873",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000231",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-10873",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000231",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-28449",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-084",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider. Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. LG devices based on Android are all smart devices based on the Android platform of South Korea\u0027s LG Group. \r\n\r\nSystemUI application intents is one of the system applications. \n\r\n\r\nSystemUI application intents in LG products based on platforms from Android 6.0 to 8.1 have security vulnerabilities that result from incorrect access control performed by the program. Remote attackers can use this vulnerability to bypass security restrictions and gain access to SystemUI applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10873"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNVD",
"id": "CNVD-2020-28449"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10873",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN79546124",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28449",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"id": "VAR-201711-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
}
],
"trust": 1.1288461399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
}
]
},
"last_update_date": "2024-11-23T21:40:11.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fix Session Upgrade bypass at SAML IdP",
"trust": 0.8,
"url": "https://github.com/osstech-jp/openam/commit/3a27ed18e2b3e468a85a0ff7965d2c1f769ea9c6"
},
{
"title": "Information from OGIS-RI Co.,Ltd.",
"trust": 0.8,
"url": "http://jvn.jp/en/jp/JVN79546124/996125/index.html"
},
{
"title": "Notice of OpenAM security vulnerability and product updates [AM20171101-1]",
"trust": 0.8,
"url": "https://www.osstech.co.jp/support/am2017-2-1-en"
},
{
"title": "Patch for LG product SystemUI application intents access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/217695"
},
{
"title": "ForgeRock OpenAM Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76087"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.osstech.co.jp/support/am2017-2-1-en"
},
{
"trust": 1.6,
"url": "https://www.cs.themistruct.com/"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn79546124/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10873"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10873"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn79546124/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"date": "2017-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"date": "2017-11-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"date": "2017-11-02T15:29:00.290000",
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28449"
},
{
"date": "2018-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000231"
},
{
"date": "2021-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-084"
},
{
"date": "2024-11-21T03:06:40.300000",
"db": "NVD",
"id": "CVE-2017-10873"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenAM (Open Source Edition) vulnerable to authentication bypass",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000231"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-084"
}
],
"trust": 0.6
}
}
CVE-2019-5915 (GCVE-0-2019-5915)
Vulnerability from cvelistv5
Published
2019-02-13 18:00
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Open Redirect
Summary
Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cs.themistruct.com/ | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN43193964/index.html | third-party-advisory, x_refsource_JVN | |
| https://www.osstech.co.jp/support/am2019-1-1 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenAM Consortium | OpenAM (Open Source Edition) |
Version: 13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cs.themistruct.com/"
},
{
"name": "JVN#43193964",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN43193964/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.osstech.co.jp/support/am2019-1-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenAM (Open Source Edition)",
"vendor": "OpenAM Consortium",
"versions": [
{
"status": "affected",
"version": "13"
}
]
}
],
"datePublic": "2019-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-13T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cs.themistruct.com/"
},
{
"name": "JVN#43193964",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN43193964/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.osstech.co.jp/support/am2019-1-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenAM (Open Source Edition)",
"version": {
"version_data": [
{
"version_value": "13"
}
]
}
}
]
},
"vendor_name": "OpenAM Consortium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cs.themistruct.com/",
"refsource": "MISC",
"url": "https://www.cs.themistruct.com/"
},
{
"name": "JVN#43193964",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN43193964/index.html"
},
{
"name": "https://www.osstech.co.jp/support/am2019-1-1",
"refsource": "MISC",
"url": "https://www.osstech.co.jp/support/am2019-1-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5915",
"datePublished": "2019-02-13T18:00:00",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0696 (GCVE-0-2018-0696)
Vulnerability from cvelistv5
Published
2019-02-13 18:00
Modified
2024-08-05 03:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fails to manage sessions
Summary
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN49995005/index.html | third-party-advisory, x_refsource_JVN | |
| https://www.cs.themistruct.com/report/wam20181012 | x_refsource_MISC | |
| https://www.osstech.co.jp/support/am2018-4-1-en | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenAM Consortium | OpenAM |
Version: 13.0 and later |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#49995005",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenAM",
"vendor": "OpenAM Consortium",
"versions": [
{
"status": "affected",
"version": "13.0 and later"
}
]
}
],
"datePublic": "2019-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to manage sessions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-13T17:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#49995005",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenAM",
"version": {
"version_data": [
{
"version_value": "13.0 and later"
}
]
}
}
]
},
"vendor_name": "OpenAM Consortium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to manage sessions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#49995005",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49995005/index.html"
},
{
"name": "https://www.cs.themistruct.com/report/wam20181012",
"refsource": "MISC",
"url": "https://www.cs.themistruct.com/report/wam20181012"
},
{
"name": "https://www.osstech.co.jp/support/am2018-4-1-en",
"refsource": "MISC",
"url": "https://www.osstech.co.jp/support/am2018-4-1-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0696",
"datePublished": "2019-02-13T18:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:49.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31735 (GCVE-0-2022-31735)
Vulnerability from cvelistv5
Published
2022-09-15 04:25
Modified
2024-08-03 07:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - Open Redirect
Summary
OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openam-jp/openam/issues/259 | x_refsource_CONFIRM | |
| https://jvn.jp/en/vu/JVNVU99326969/ | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenAM consortium | OpenAM (OpenAM Consortium Edition) |
Version: 14.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:26:01.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openam-jp/openam/issues/259"
},
{
"name": "OpenAM (OpenAM Consortium Edition) vulnerable to open redirect",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99326969/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenAM (OpenAM Consortium Edition)",
"vendor": "OpenAM consortium",
"versions": [
{
"status": "affected",
"version": "14.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-15T04:25:08",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openam-jp/openam/issues/259"
},
{
"name": "OpenAM (OpenAM Consortium Edition) vulnerable to open redirect",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/vu/JVNVU99326969/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-31735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenAM (OpenAM Consortium Edition)",
"version": {
"version_data": [
{
"version_value": "14.0.0"
}
]
}
}
]
},
"vendor_name": "OpenAM consortium"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601: Open Redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openam-jp/openam/issues/259",
"refsource": "CONFIRM",
"url": "https://github.com/openam-jp/openam/issues/259"
},
{
"name": "OpenAM (OpenAM Consortium Edition) vulnerable to open redirect",
"refsource": "JVN",
"url": "https://jvn.jp/en/vu/JVNVU99326969/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-31735",
"datePublished": "2022-09-15T04:25:08",
"dateReserved": "2022-09-14T00:00:00",
"dateUpdated": "2024-08-03T07:26:01.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10873 (GCVE-0-2017-10873)
Vulnerability from cvelistv5
Published
2017-11-02 15:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Authentication bypass
Summary
OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cs.themistruct.com/ | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN79546124/ | third-party-advisory, x_refsource_JVN | |
| https://www.osstech.co.jp/support/am2017-2-1-en | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Open Source Solution Technology Corporation | OpenAM |
Version: Open Source Edition |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cs.themistruct.com/"
},
{
"name": "JVN#97243511",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN79546124/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.osstech.co.jp/support/am2017-2-1-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenAM",
"vendor": "Open Source Solution Technology Corporation",
"versions": [
{
"status": "affected",
"version": "Open Source Edition"
}
]
}
],
"datePublic": "2017-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-02T14:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cs.themistruct.com/"
},
{
"name": "JVN#97243511",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN79546124/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.osstech.co.jp/support/am2017-2-1-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenAM",
"version": {
"version_data": [
{
"version_value": "Open Source Edition"
}
]
}
}
]
},
"vendor_name": "Open Source Solution Technology Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cs.themistruct.com/",
"refsource": "MISC",
"url": "https://www.cs.themistruct.com/"
},
{
"name": "JVN#97243511",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN79546124/"
},
{
"name": "https://www.osstech.co.jp/support/am2017-2-1-en",
"refsource": "MISC",
"url": "https://www.osstech.co.jp/support/am2017-2-1-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10873",
"datePublished": "2017-11-02T15:00:00",
"dateReserved": "2017-07-04T00:00:00",
"dateUpdated": "2024-08-05T17:50:12.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}