CVE-2017-10873

OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider.
References
Link Resource
https://jvn.jp/en/jp/JVN79546124/ Third Party Advisory VDB Entry
https://www.cs.themistruct.com/ Third Party Advisory
https://www.osstech.co.jp/support/am2017-2-1-en Patch Vendor Advisory
https://jvn.jp/en/jp/JVN79546124/ Third Party Advisory VDB Entry
https://www.cs.themistruct.com/ Third Party Advisory
https://www.osstech.co.jp/support/am2017-2-1-en Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:osstech:openam:*:*:*:*:open_source:*:*:*
cpe:2.3:a:osstech:openam:*:*:*:*:open_source:*:*:*
cpe:2.3:a:osstech:openam:*:*:*:*:open_source:*:*:*

History

21 Nov 2024, 03:06

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN79546124/ - Third Party Advisory, VDB Entry () https://jvn.jp/en/jp/JVN79546124/ - Third Party Advisory, VDB Entry
References () https://www.cs.themistruct.com/ - Third Party Advisory () https://www.cs.themistruct.com/ - Third Party Advisory
References () https://www.osstech.co.jp/support/am2017-2-1-en - Patch, Vendor Advisory () https://www.osstech.co.jp/support/am2017-2-1-en - Patch, Vendor Advisory

Information

Published : 2017-11-02 15:29

Updated : 2024-11-21 03:06


NVD link : CVE-2017-10873

Mitre link : CVE-2017-10873

CVE.ORG link : CVE-2017-10873


JSON object : View

Products Affected

osstech

  • openam
CWE
CWE-287

Improper Authentication