OpenAM Security Advisory #201505

Security vulnerabilities have been discovered in OpenAM components including the Core Server and Distributed Authentication Server (DAS). These issues are present in versions of OpenAM including 12.0.0, 11.0.x, 10.1.0-Xpress, 10.0.x, 9.x, and possibly previous versions.

This advisory provides guidance on how to secure your deployments. Workarounds or patches are available for all of the issues, and the fixes are also included in the 12.0.1 maintenance release.

The maximum severity of issues in this advisory is Critical. Deployers should take immediate steps as outlined in this advisory and apply the relevant update(s) at the earliest opportunity.

The recommendation is to upgrade to OpenAM 12.0.1 or deploy the relevant patches. Patch bundles are available for the following versions:

– 10.0.2
– 11.0.3
– 12.0.0

Read more at – OpenAM Security Advisory #201505