CVE-2022-34298
MEDIUM5.3EPSS 45.1%NT auth module vulnerability in OpenAM
Published: 6/24/2022Modified: 11/8/2023
Description
The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."
Affected packages (1)
- Maven/org.openidentityplatform.openam:openam-corefrom 0, < 14.6.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-34298
- PATCHhttps://github.com/OpenIdentityPlatform/OpenAM
- WEBhttps://github.com/OpenIdentityPlatform/OpenAM/compare/14.6.5...14.6.6
- WEBhttps://github.com/OpenIdentityPlatform/OpenAM/pull/514
- WEBhttps://github.com/OpenIdentityPlatform/OpenAM/releases/tag/14.6.6