Yasushi Iwakata

**Name of the Vulnerable Software and Affected Versions** OpenAM (Open Source Edition) versions prior to 13.0 **Description** The issue allows remote authenticated attackers to change security questions and reset the login password. **Recommendations** For versions prior to 13.0, update to version 13.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenAM (Open Source Edition) (affected versions not specified) **Description** The issue allows an attacker to bypass authentication and access unauthorized contents. This affects OpenAM implementations configured as SAML 2.0 IdP, where authentication methods are switched based on AuthnContext requests from the service provider. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.