OpenIAM · Openam · CVE-2020-13422
**Name of the Vulnerable Software and Affected Versions**
OpenIAM versions prior to 4.2.0.3
**Description**
The vulnerability is a missing permission check on administrative actions exposed through the "/webconsole/rest/api/*" endpoint. As a result, users who lack the required permissions may be able to perform administrative actions they should not have access to.
**Recommendations**
For versions prior to 4.2.0.3, update to version 4.2.0.3 or later to resolve the issue. Until the update can be applied, restrict access to the "/webconsole/rest/api/*" endpoint as a temporary workaround to reduce the risk of exploitation.
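As an added example (not from the advisory or from OpenIAM itself), the following Python script triages web-server access logs for requests to the "/webconsole/rest/api/" endpoint that came from outside an assumed administrator network and were not rejected, which helps both to spot misuse on unpatched instances and to confirm that the temporary access restriction is actually in effect. The log lines, the 10.0.0.0/24 administrator range and the combined log format are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access-log lines (combined log format); not real OpenIAM logs.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2021:10:01:02 +0000] "POST /webconsole/rest/api/user/create HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2021:10:02:10 +0000] "POST /webconsole/rest/api/user/create HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2021:10:02:11 +0000] "GET /webconsole/rest/api/role/list HTTP/1.1" 200 2048
198.51.100.9 - bob [12/Mar/2021:10:03:00 +0000] "GET /selfservice/ HTTP/1.1" 200 1024
10.0.0.6 - - [12/Mar/2021:10:04:00 +0000] "DELETE /webconsole/rest/api/role/42 HTTP/1.1" 403 0
"""

# Assumption: administrators reach the web console only from these networks.
ADMIN_NETWORKS = [ipaddress.ip_network("10.0.0.0/24")]
# The endpoint named in the advisory.
ADMIN_API_PREFIX = "/webconsole/rest/api/"

# Fields of the combined log format that the triage needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_admin_source(ip):
    """True if the client address lies inside one of the admin networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ADMIN_NETWORKS)

def find_suspicious(log_text):
    """Return admin-endpoint requests from outside the admin networks that
    were not rejected (HTTP status below 400)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not rec["path"].startswith(ADMIN_API_PREFIX):
            continue
        if is_admin_source(rec["ip"]) or int(rec["status"]) >= 400:
            continue
        hits.append((rec["ip"], rec["user"], rec["method"], rec["path"], rec["status"]))
    return hits

def summarize(hits):
    """Count flagged requests per client address."""
    return Counter(ip for ip, *_ in hits)

if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for h in hits:
        print(" ".join(h))
    print(summarize(hits))
```

Once the workaround is in place, every request to the endpoint from outside the admin networks should appear with a 4xx status, so this script returning no hits is a quick confirmation that the restriction works.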