JVNDB-2018-000107
|
OpenAM (Open Source Edition) vulnerable to session management
|
OpenAM (Open Source Edition) contains a vulnerability in session management.
Yasushi Iwakata of Open Source Solution Technology Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 5.0 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
CVSS V2 Severity: Base Metrics 4.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
|
OpenAM Consortium
- OpenAM (Open Source Edition) 13.0 and later
|
A user who can log in to the product may change the security questions and reset the login password.
|
[Apply the Patch]
A patch for this vulnerability has been released by OpenAM Consortium.
Apply the patch according to the information provided by OpenAM Consortium.
[Apply a Workaround]
The following workaround may mitigate the effects of this vulnerability.
* Disable the Security Questions function for password resetting
|
OpenAM Consortium
Open Source Solution Technology Corporation
OGIS-RI Co.,Ltd.
|
- Permissions (CWE-264) [IPA Evaluation]
|
- CVE-2018-0696
|
- JVN : JVN#49995005
- National Vulnerability Database (NVD) : CVE-2018-0696
|
- [2018/10/12] Web page was published
- [2019/09/26] References : Content was added
|