CVE-2018-0696
First published: Wed Feb 13 2019(Updated: )
OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenAM | >=13.0<=13.0.0-120 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-0696?
CVE-2018-0696 is classified as a high severity vulnerability due to its potential to allow remote authenticated attackers to manipulate user accounts.
How do I fix CVE-2018-0696?
To fix CVE-2018-0696, update OpenAM to the latest version that is not affected, specifically versions beyond 13.0.0-120.
Who is affected by CVE-2018-0696?
CVE-2018-0696 affects all versions of OpenAM from 13.0 onwards up to version 13.0.0-120, allowing for session management exploitation.
What type of attackers can exploit CVE-2018-0696?
CVE-2018-0696 can be exploited by remote authenticated attackers who have valid access credentials.
What functionality is compromised by CVE-2018-0696?
CVE-2018-0696 compromises the session management functionality, allowing attackers to change security questions and reset passwords.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/osstech
- canonical/openam
- version/openam/13.0
- version/openam/13.0.0-120