CNNVD-202511-1382 Information
CNNVD ID
CNNVD-202511-1382
Related CVE
-
CNNVD Published
2025-11-12
Description (English)
OpenAM is an integrated access management solution from the OpenAM Consortium. It provides authentication, authorization and federation functions. Open Access Management OpenAM versions before 16.0.0 contain an injection vulnerability that stems from the claims_parameter_supported parameter allowing arbitrary claim values to be injected, which can lead to identity forgery.
Hazard Level
High
Vulnerability Type
Injection
Affected Vendor
OpenAM Consortium
Published
2025-11-12
Last Modified
2026-02-24
References
https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-39hr-239p-fhqc
https://access.redhat.com/security/cve/cve-2025-64099
Patch
https://github.com/OpenIdentityPlatform/OpenAM/releases