OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN79546124/ | Third Party Advisory VDB Entry |
https://www.cs.themistruct.com/ | Third Party Advisory |
https://www.osstech.co.jp/support/am2017-2-1-en | Patch Vendor Advisory |
https://jvn.jp/en/jp/JVN79546124/ | Third Party Advisory VDB Entry |
https://www.cs.themistruct.com/ | Third Party Advisory |
https://www.osstech.co.jp/support/am2017-2-1-en | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/en/jp/JVN79546124/ - Third Party Advisory, VDB Entry | |
References | () https://www.cs.themistruct.com/ - Third Party Advisory | |
References | () https://www.osstech.co.jp/support/am2017-2-1-en - Patch, Vendor Advisory |
Information
Published : 2017-11-02 15:29
Updated : 2024-11-21 03:06
NVD link : CVE-2017-10873
Mitre link : CVE-2017-10873
CVE.ORG link : CVE-2017-10873
JSON object : View
Products Affected
osstech
- openam
CWE
CWE-287
Improper Authentication