CVE-2017-10873

Published: Nov 2, 2017Modified: May 13, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider.

Affected (3)

Products: Osstech: Openam

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Osstech Openam	From 11.0.0 to 11.0.0-112
Osstech Openam	From 13.0.0 to 13.0.0-73
Osstech Openam	From 9.5.5 to 9.5.5-41

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

https://jvn.jp/en/jp/JVN79546124/

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

https://www.cs.themistruct.com/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.osstech.co.jp/support/am2017-2-1-en

Source: vultures@jpcert.or.jp

PatchVendor Advisory

https://jvn.jp/en/jp/JVN79546124/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.cs.themistruct.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.osstech.co.jp/support/am2017-2-1-en

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.