VYPR
Vendor: OpenAMP

Products: 1
CVEs: 7
Across products: 7
Status: Private

Recent CVEs: 7
  • CVE-2026-37540 | High | May 1, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq,…

  • CVE-2017-10873 | High | Nov 2, 2017
    risk 0.53 | cvss 8.1 | epss 0.03

    OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0 IdP, and switches authentication methods…

  • CVE-2016-10097 | High | Jan 2, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.

  • CVE-2026-45049 | High | Jun 23, 2026
    risk 0.45 | cvss | epss

    An Information Exposure Through Sent Data (CWE-201) issue in OpenAM's Cross-Domain Single Sign-On (CDSSO) servlet allows a logged-in user's raw OpenAM session token to be POSTed to an attacker-controlled URL. This impacts OpenAM Community Edition…

  • CVE-2026-44793 | Low | Jun 22, 2026
    risk 0.07 | cvss | epss

    Certain federation endpoints do not consistently apply output encoding when rendering user-supplied parameters into HTML responses. Under a non-default configuration used in some clustered deployments, this inconsistency can result in reflected XSS in the OpenAM…

  • CVE-2018-0696 | Feb 13, 2019
    risk 0.00 | cvss | epss 0.01

    OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.

  • CVE-2019-5915 | Feb 13, 2019
    risk 0.00 | cvss | epss 0.01

    Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.