Published: 2023/01/10  Last Updated: 2023/01/25

JVNVU#91740661
OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal

Overview

OpenAM Web Policy Agent (OpenAM Consortium Edition) contains a path traversal vulnerability.

Products Affected

  • OpenAM Web Policy Agent (OpenAM Consortium Edition) version 4.1.0

Description

OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium does not parse request URLs correctly, resulting in a path traversal vulnerability (CWE-22).
In addition, a crafted URL may be evaluated incorrectly when the agent checks it against its access policy.

Impact

An attacker may access arbitrary files outside the document root on the server where the agent runs.
An attacker may also access a protected resource by sending a crafted URL, bypassing the access control the agent is meant to enforce.

Solution

Apply Patches
Apply the appropriate patches according to the information provided by the developer.

Apply Workaround
Detect and drop malicious requests using WAF (Web Application Firewall) or IPS (Intrusion Prevention System).
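The following is an added illustration, not OpenAM Consortium code and not the specific defect in the agent. It shows the general class of mistake behind the Description above (deciding on the raw URL instead of its canonical form) and a matching detection pass of the kind a WAF or IPS rule would perform. The access-log lines are constructed, the protected prefix `/protected/` is an assumed policy, and the backslash folding and two-round percent-decoding are assumptions about what the fronted web server accepts.

```python
"""Canonicalize request paths before any policy decision, and flag requests
whose raw and canonical forms would be judged differently.

Added example: generic illustration of CWE-22 in URL handling in front of an
access-policy check. Not the OpenAM agent's code; log lines are constructed.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Assumed policy for the demo: everything under this prefix requires auth.
PROTECTED_PREFIXES = ("/protected/",)

# Combined-log request extractor: '"GET /path HTTP/1.1"' -> '/path'
REQ_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/')


def percent_decode(path: str, max_rounds: int = 2) -> str:
    """Decode percent-encoding until stable (bounded), so that a double-
    encoded %252e%252e is seen as '..' and not as harmless literal text."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def canonicalize(raw_path: str) -> Optional[str]:
    """Return the canonical absolute path, or None when the request tries
    to climb above the document root (a traversal attempt).  Follows
    RFC 3986 remove_dot_segments after decoding; backslashes are folded to
    '/' on the assumption that the fronted server treats them as separators."""
    path = percent_decode(raw_path.split("?", 1)[0]).replace("\\", "/")
    if "\x00" in path:           # embedded NUL: never legitimate in a path
        return None
    out: List[str] = []
    for seg in path.split("/"):
        if seg in ("", "."):     # empty (double slash) and '.' segments vanish
            continue
        if seg == "..":
            if not out:
                return None      # '..' with nothing left to pop escapes root
            out.pop()
        else:
            out.append(seg)
    return "/" + "/".join(out)


def _matches_prefix(canon: str, prefix: str) -> bool:
    root = prefix.rstrip("/")
    return canon == root or canon.startswith(root + "/")


def naive_is_protected(raw_path: str) -> bool:
    """The mistake: string-prefix match on the raw, unnormalized URL."""
    return raw_path.startswith(PROTECTED_PREFIXES)


def safe_is_protected(raw_path: str) -> bool:
    """Decide on the canonical path; refuse (treat as protected) anything
    that cannot be canonicalized inside the document root."""
    canon = canonicalize(raw_path)
    if canon is None:
        return True
    return any(_matches_prefix(canon, p) for p in PROTECTED_PREFIXES)


def scan_access_log(log_text: str) -> List[Tuple[int, str, str]]:
    """Detection pass: report requests that escape the root, or whose
    policy decision changes once the path is canonicalized."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        raw = m.group(1)
        canon = canonicalize(raw)
        if canon is None:
            findings.append((n, raw, "escapes document root"))
        elif naive_is_protected(raw) != safe_is_protected(raw):
            findings.append((n, raw, "policy decision differs after canonicalization: " + canon))
    return findings


# Constructed sample log (combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2023:10:00:01 +0900] "GET /public/index.html HTTP/1.1" 200 512
203.0.113.5 - - [10/Jan/2023:10:00:02 +0900] "GET /public/..%2f..%2fetc/passwd HTTP/1.1" 200 1024
203.0.113.5 - - [10/Jan/2023:10:00:03 +0900] "GET /public/../protected/secret.txt HTTP/1.1" 200 77
203.0.113.5 - - [10/Jan/2023:10:00:04 +0900] "GET /protected/report.pdf HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    for n, raw, why in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: {raw} -> {why}")
```

Lines 2 and 3 of the sample are the two failure modes named in the Impact section: the first climbs out of the document root, the second reaches a resource under the protected prefix while the raw string starts with `/public/`. The reverse case (`/protected/%2e%2e/public/index.html`) is the one where a naive check wrongly demands authentication, which is why the decision must be made on the canonical path in both directions.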

Vendor Status

Vendor                 Status          Last Update   Vendor Notes
OSSTech Corporation    Not Vulnerable  2023/01/10    OSSTech Corporation website
Rakuten Mobile, Inc.   Not Vulnerable  2023/01/25
Vendor Link
OpenAM Consortium issue#3: CVE-2023-22320
web-agents repository

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score: 7.5
Attack Vector (AV)            Network (N)
Attack Complexity (AC)        Low (L)
Privileges Required (PR)      None (N)
User Interaction (UI)         None (N)
Scope (S)                     Unchanged (U)
Confidentiality Impact (C)    High (H)
Integrity Impact (I)          None (N)
Availability Impact (A)       None (N)
CVSS v2  AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score: 5.0
Access Vector (AV)            Network (N)
Access Complexity (AC)        Low (L)
Authentication (Au)           None (N)
Confidentiality Impact (C)    Partial (P)
Integrity Impact (I)          None (N)
Availability Impact (A)       None (N)

Credit

OpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and OpenAM Consortium coordinated under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE: CVE-2023-22320
JVN iPedia

Update History

2023/01/10
OSSTech Corporation update status
2023/01/25
Rakuten Mobile, Inc. update status