{"vulnerability": "CVE-2024-41667", "sightings": [{"uuid": "af670582-dbe8-4529-af9a-0d104ac507a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41667", "type": "seen", "source": "https://t.me/cvedetector/1581", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-41667 - OpenAM Template Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-41667 \nPublished : July 24, 2024, 6:15 p.m. | 26\u00a0minutes ago \nDescription : OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default PingOne Advanced Identity Cloud login page,they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-24T20:49:53.000000Z"}, {"uuid": "674deff1-0efd-4f05-a4f6-04cb273cda8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-41667", "type": "seen", "source": "https://t.me/HackingInsights/8271", "content": "\u200aCVE-2024-41667: OpenAM Vulnerability Exposes Authentication Systems to Critical Risk\n\nhttps://securityonline.info/cve-2024-41667-openam-vulnerability-exposes-authentication-systems-to-critical-risk/", "creation_timestamp": "2024-08-01T10:18:46.000000Z"}]}