All 7 CVE vulnerabilities found in OpenAM, with AI-generated Chinese analysis, references, and POCs.
Vendor: Open Source Solution Technology Corporation
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33439 | Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM CWE-502 | 9.8 (AI) | Critical (AI) | 2026-04-07 |
| CVE-2025-64099 | OpenAM allows use of arbitrary OIDC requested claims values in id_token and user_info CWE-74 | 4.3 | - | 2025-11-12 |
| CVE-2025-8662 | OpenAM security vulnerability | 7.5 (AI) | High (AI) | 2025-09-02 |
| CVE-2024-41667 | OpenAM FreeMarker template injection CWE-94 | 8.8 | High | 2024-07-24 |
| CVE-2023-37471 | User impersonation using SAMLv1.x SSO in Open Access Management CWE-287 | 9.1 | Critical | 2023-07-20 |
| CVE-2018-0696 | ForgeRock OpenAM permissions, privileges, and access control vulnerability | 8.8 | - | 2019-02-13 |
| CVE-2017-10873 | ForgeRock OpenAM security vulnerability | 8.1 | - | 2017-11-02 |
All 7 known CVE vulnerabilities affecting OpenAM with full Chinese analysis, references, and POCs where available.