What is CVE-2023-37471?

CVE-2023-37471 is a critical-severity vulnerability in Openidentityplatform Openam, classified under Improper Authentication. CVSS score: 9.1/10. Published 2023-07-20.

How severe is CVE-2023-37471?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2023-37471 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Openidentityplatform Openam

CVE-2023-37471

Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of…

Vulnerability class: Broken Authentication

EPSS: 0.016 (82.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Openidentityplatform Openam — versions < 14.7.3

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

Hzoid/NVDBuddy

References

https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-4mh8-9wq6-rjxg (x_refsource_CONFIRM)
https://github.com/OpenIdentityPlatform/OpenAM/pull/624 (x_refsource_MISC)
https://github.com/OpenIdentityPlatform/OpenAM/commit/7c18543d126e8a567b83bb4535631825aaa9d742 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-37471?: CVE-2023-37471 is a critical-severity vulnerability in Openidentityplatform Openam, classified under Improper Authentication. CVSS score: 9.1/10. Published 2023-07-20.
How severe is CVE-2023-37471?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2023-37471 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.