OpenAM Vulnerability in SAML IdP Functionality Due to Request Tampering

Vulnerability

A vulnerability in OpenAM (OpenAM Consortium Edition) versions 14.0.0 prior to 14.0.1 may disrupt its operation as a SAML Identity Provider (IdP) by allowing request tampering. This manipulation can interfere with OpenAM's internal caching, leading to improper SAML IdP functionality.

Impact

Request tampering can alter OpenAM's internal cache, causing disruptions in SAML IdP operations.

Remediation

Users are advised to update to OpenAM version 14.0.2, which addresses this vulnerability. As a temporary workaround, users of the 'Trust Circle' settings under 'Integration' should configure only one trust circle.

Added: Sep 2, 2025, 3:20 AM
Updated: Sep 2, 2025, 3:20 AM

Vulnerability Rating

Custom Algorithm

spread:         3.4
impact:         0.6
exploitability: 5.4
remediation:    8.3
relevance:      0.5
threat:         0.0
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.