ForgeRock OpenAM

15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | CVSS | Description |
|---|---|---|---|
| CVE-2026-33439 | < 16.0.6 | 9.8 CRITICAL | Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulnerable to pr |
| CVE-2025-8662 | >= 14.0.0 and < 14.0.2 | 4.3 MEDIUM | OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered reque |
| CVE-2023-37471 | < 14.7.3 | 9.1 CRITICAL | Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Ent |
| CVE-2023-22320 | all versions | 7.5 HIGH | OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traver |
| CVE-2022-31735 | >= 13.0.0 and <= 13.0.0-183 | 6.1 MEDIUM | OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When acc |
| CVE-2022-34298 | < 14.6.6 | 5.3 MEDIUM | The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack." |
| CVE-2021-35464 | >= 9.0.0 and < 14.6.3 | 9.8 CRITICAL | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The e |
| CVE-2021-29156 | < 13.5.1 | 7.5 HIGH | ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perf |
| CVE-2017-14395 | >= 13.5.0 and <= 13.5.1 | 6.1 MEDIUM | Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does no |
| CVE-2017-14394 | >= 13.5.0 and <= 13.5.1 | 6.1 MEDIUM | OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does n |
| CVE-2019-5915 | >= 13.0 and <= 13.0.0-137 | 6.1 MEDIUM | Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites |
| CVE-2018-0696 | >= 13.0 and <= 13.0.0-120 | 7.5 HIGH | OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to chan |
| CVE-2017-10873 | >= 9.5.5 and <= 9.5.5-41 | 8.1 HIGH | OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. |
| CVE-2016-10097 | all versions | 7.5 HIGH | XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote att |
| CVE-2014-7246 | all versions | | The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a |
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin