CVE-2023-22320
Published: January 10, 2023 / Updated: April 6, 2023
Severity Rating: High
CVSS Score: 7.5
Affected Products: OpenAM Web Policy Agent 4.1.0
Description
OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability.
Furthermore, a crafted URL may be evaluated incorrectly.
Impact
Arbitrary files outside the document root on the server may be accessed by an attacker.
A protected resource may be accessed via a crafted URL.
Solution
Apply the patch according to the information provided by OpenAM Consortium.
Workaround
Detect and drop malicious requests using a WAF (Web Application Firewall) or an IPS (Intrusion Prevention System).
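One way to express the workaround as request-filtering logic, as an added example that is not from this advisory or from OpenAM Consortium. The advisory does not say which URL forms trigger the bug, so the check conservatively rejects any request path that is not in canonical form; the function name, reason labels and sample request targets are constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap nested percent-encoding

def inspect_target(target: str) -> list[str]:
    """Return the reasons a request target should be dropped (empty list = pass)."""
    reasons = []
    # Only the path is inspected here; query and fragment are cut off.
    path = target.split("?", 1)[0].split("#", 1)[0]

    # Encoded separators let a filter and the back end disagree on segment boundaries.
    if re.search(r"%(2f|5c)", path, re.IGNORECASE):
        reasons.append("encoded-separator")

    # Decode repeatedly so nested encodings cannot hide dot-segments.
    rounds, decoded = 0, path
    while rounds < MAX_DECODE_ROUNDS and unquote(decoded) != decoded:
        decoded = unquote(decoded)
        rounds += 1
    if rounds > 1:
        reasons.append("multiple-encoding")

    if "\x00" in decoded:
        reasons.append("nul-byte")

    # Treat backslash as a separator, then look for "." and ".." segments.
    segments = decoded.replace("\\", "/").split("/")
    if any(s in (".", "..") for s in segments):
        reasons.append("dot-segment")
    return reasons

# Constructed sample request targets (not taken from real traffic).
SAMPLES = [
    "/app/index.html?x=1",
    "/docs/a%20b.html",
    "/files/report..2023.pdf",
    "/app/../../outside.txt",
    "/app/%2e%2e/outside.txt",
    "/app/%252e%252e/outside.txt",
    "/app/..%2fprotected/page",
]

if __name__ == "__main__":
    for t in SAMPLES:
        verdict = inspect_target(t)
        print("DROP" if verdict else "PASS", t, verdict)
```

A filter like this belongs in front of the agent and complements the patch rather than replacing it.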