CVE-2018-0696

high

Description

OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.

References

https://www.osstech.co.jp/support/am2018-4-1-en

https://www.cs.themistruct.com/report/wam20181012

http://jvn.jp/en/jp/JVN49995005/index.html

Details

Source: Mitre, NVD

Published: 2019-02-13

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High