Published: September 15, 2022 / Updated: December 8, 2022
Severity Rating: Medium
CVSS Score: 4.7
Affected Products: OpenAM 14.0.0

Description

OpenAM (OpenAM Consortium Edition) has an open redirect vulnerability in its logout URL.

After certain preceding steps have been performed, accessing the logout URL with a malformed parameter can redirect the user to an arbitrary URL.

Impact

When a user accesses an affected server through a specially crafted URL, the user may be redirected to an arbitrary website and, as a result, become the victim of a phishing attack.
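The advisory names the bug class but not the parameter involved. As an added example (not OpenAM's own code), the following validator shows the kind of check a logout handler should apply to its redirect parameter, rejecting the malformed forms (backslashes, scheme-relative "//host", userinfo "@" tricks, non-https schemes, control characters) that typically slip past naive string checks; the allowlisted host names are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist of hosts a post-logout redirect may target.
# Hypothetical names; not taken from any OpenAM deployment.
ALLOWED_HOSTS = {"sso.example.org", "app.example.org"}


def safe_logout_redirect(target: str, default: str = "/") -> str:
    """Return `target` if it is a local path or an https URL whose host is
    allowlisted; otherwise return `default`.

    Added example for this advisory, not OpenAM's own code. It models the
    check a logout handler should apply to its redirect parameter.
    """
    if not target:
        return default
    # Browsers treat "\" like "/" in http(s) URLs, so "/\evil.test" is really
    # "//evil.test"; normalise before parsing so both are judged the same way.
    candidate = target.replace("\\", "/")
    # Drop control characters and surrounding whitespace that URL parsers
    # ignore (e.g. "java\tscript:" would otherwise look like a harmless path).
    candidate = "".join(ch for ch in candidate if ch.isprintable()).strip()
    parts = urlsplit(candidate)

    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: require https, forbid userinfo
        # ("trusted.host@evil.test"), and match the host exactly (no suffixes).
        if parts.scheme.lower() != "https":
            return default
        if "@" in parts.netloc or parts.hostname not in ALLOWED_HOSTS:
            return default
        return urlunsplit(parts)

    # Same-site path: exactly one leading "/" ("//host" is scheme-relative).
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return default
```

Exact host matching is deliberate: a suffix or substring match would accept "sso.example.org.evil.test".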

Solution

Apply the patch according to the information provided by OpenAM Consortium.

Reference