CVE-2018-0696

HIGH

OSSTech OpenAM < 13.0.0-120 - Password Reset Weakness

Title source: rule

Description

OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.

Scores

CVSS v3 7.5
EPSS 0.0025
EPSS Percentile 48.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-640
Status published
Products (1)
osstech/openam 13.0 - 13.0.0-120
Published Feb 13, 2019
Tracked Since Feb 18, 2026