VYPR

OpenAM

by OpenIdentityPlatform

CVEs (3)

  • CVE-2026-33439 | Critical | Apr 7, 2026
    risk 0.58 | cvss 9.8 | epss 0.10

    Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pre-authentication Remote Code Execution (RCE) via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypasses the…

  • CVE-2024-41667 | High | Jul 24, 2024
    risk 0.50 | cvss 8.8 | epss 0.04

    OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL…

  • CVE-2023-37471 | Jul 20, 2023
    risk 0.00 | cvss (not listed) | epss 0.01

    Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the…