PT-2019-8702 · Forgerock · Openam

Yasushi Iwakata

·

Published

2019-02-13

·

Updated

2019-02-22

·

CVE-2018-0696

CVSS v3.1

7.5

High

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OpenAM (Open Source Edition) versions prior to 13.0
Description The issue allows remote authenticated attackers to change security questions and reset the login password.
Recommendations For versions prior to 13.0, update to version 13.0 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2018-0696

Affected Products

Openam