Vulnerability Details : CVE-2018-0696
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
Products affected by CVE-2018-0696
- cpe:2.3:a:osstech:openam:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0696
- 0.60%: Probability of exploitation activity in the next 30 days
- ~ 78%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0696
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N | 6.8 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 | NIST | |
CWE ids for CVE-2018-0696
- The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0696
- http://jvn.jp/en/jp/JVN49995005/index.html
  JVN#49995005: OpenAM (Open Source Edition) vulnerable to session management (Third Party Advisory)
- https://www.cs.themistruct.com/report/wam20181012
  Regarding the OpenAM vulnerability published by JPCERT/CC (JVN#49995005) (Last updated: 2018/10/12 12:00) | ThemiStruct Support Site (Permissions Required; Third Party Advisory)
- https://www.osstech.co.jp/support/am2018-4-1-en
  Notice of OpenAM security vulnerability and product updates [AM20181012-1] - Open Source Solution Technology Corporation (Third Party Advisory)