Openam: Security Vulnerabilities
OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.This issue affects OpenAM: from 14.0.0 through 14.0.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-09-02
OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-10