VYPR
← All vendors
Vendor

OpenAM Consortium

Products
3
CVEs
3
Across products
3
Status
Private

Products

3

Recent CVEs

3
  • CVE-2026-45048higJun 23, 2026
    OpenAM Consortium
    OpenAM Community Edition
    risk 0.45cvss epss

    ## Summary Description An insufficient authorization (CWE-285) and information exposure (CWE-200) issue in OpenAM's session management endpoint allows a low-privileged authenticated user to retrieve active session credentials belonging to other users, including those with…

  • CVE-2023-22320Jan 10, 2023
    OpenAM Consortium
    OpenAM Web Policy Agent
    risk 0.00cvss epss 0.01

    OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly.

  • CVE-2022-31735Sep 15, 2022
    OpenAM Consortium
    OpenAM Consortium Edition
    risk 0.00cvss epss 0.00

    OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website.