Vulnerability Description
OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Osstech | Openam | >= 9.5.5, <= 9.5.5-41 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN79546124/Third Party AdvisoryVDB Entry
- https://www.cs.themistruct.com/Third Party Advisory
- https://www.osstech.co.jp/support/am2017-2-1-enPatchVendor Advisory
- https://jvn.jp/en/jp/JVN79546124/Third Party AdvisoryVDB Entry
- https://www.cs.themistruct.com/Third Party Advisory
- https://www.osstech.co.jp/support/am2017-2-1-enPatchVendor Advisory
FAQ
What is CVE-2017-10873?
CVE-2017-10873 is a vulnerability with a CVSS score of 8.1 (HIGH). OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) imp...
How severe is CVE-2017-10873?
CVE-2017-10873 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-10873?
Check the references section above for vendor advisories and patch information. Affected products include: Osstech Openam.