Maven package
org.openidentityplatform.openam/openam-federation-library
pkg:maven/org.openidentityplatform.openam/openam-federation-library
Vulnerabilities (2)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-45052 | Critical | — | | < 16.1.1 | 16.1.1 | Jun 24, 2026 | An Improper Authorization (CWE-285) issue in OpenAM's Liberty Web Services SOAP receiver allows an unauthenticated remote attacker to write persistent entries into the Liberty Discovery store on any user's LDAP entry, and into a shared root-realm Disc |
| CVE-2023-37471 | | — | | < 14.7.3 | 14.7.3 | Jul 20, 2023 | Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SA |