Published: 2018/10/12
Last Updated: 2018/10/12
Information from Open Source Solution Technology Corporation
Vulnerability ID: JVN#49995005
Title: OpenAM (Open Source Edition) vulnerable to session management
Status: Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
An improper session management vulnerability in user self-service
Affected Version: OpenAM 13
CVSS Severity Level: Medium
A vulnerability caused by improper session management exists in
OpenAM. Users who can log in to OpenAM can rewrite secret questions
of other users and then change their passwords.
This vulnerability is exploitable when secret questions in the
self-service functionality are enabled.