CVE-2018-0696

Опубликовано: 13 фев. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 3.5

EPSS Низкий

Описание

OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.

Ссылки

http://jvn.jp/en/jp/JVN49995005/index.html
Third Party Advisory
https://www.cs.themistruct.com/report/wam20181012
Permissions Required
Third Party Advisory
https://www.osstech.co.jp/support/am2018-4-1-en
Third Party Advisory
http://jvn.jp/en/jp/JVN49995005/index.html
Third Party Advisory
https://www.cs.themistruct.com/report/wam20181012
Permissions Required
Third Party Advisory
https://www.osstech.co.jp/support/am2018-4-1-en
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:osstech:openam:*:*:*:*:*:*:*:*

Версия от 13.0 (включая) до 13.0.0-120 (включая)

EPSS

Процентиль: 48%

0.00248

Низкий

7.5 High

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-640

Связанные уязвимости

GHSA-mp8r-jgrr-9j4x