Published: 2019/02/06  Last Updated: 2019/02/06

Information from OGIS-RI Co.,Ltd.

Vulnerability ID:JVN#43193964
Title:OpenAM (Open Source Edition) vulnerable to open redirect
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

The contents of the vulnerability are as follows.

In ThemiStruct-WAM version 5.0.0 to 5.1.1,
When a specially crafted request is sent to the OAuth 2 endpoint,
An open redirect vulnerability could lead you to a malicious site.

We provide information on this issue at the following URL

https://www.cs.themistruct.com/