OpenAM Security Update Advisory (CVE-2024-41667)

Overview

OpenAM has released an update to address a vulnerability in the product. Users of affected versions are advised to update to the latest version.

Affected Products

CVE-2024-41667

  • OpenAM versions: 15.0.3 and earlier

Resolved Vulnerabilities

 

Template injection vulnerability due to user input (CVE-2024-41667)

Vulnerability Patches

Patches for the vulnerability are available in the latest update. Follow the instructions on the Referenced Sites to update to the patched version.

CVE-2024-41667

  • OpenAM version: 15.0.4

Referenced Sites

[1] CVE-2024-41667 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-41667

[2] OpenAM FreeMarker template injection

https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v

Article Link: OpenAM Security Update Advisory (CVE-2024-41667) – ASEC