Overview
OpenAM has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-41667
- OpenAM versions: up to and including 15.0.3
Resolved Vulnerabilities
Template injection vulnerability due to user input (CVE-2024-41667)
Vulnerability Patches
Patches for the vulnerability have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-41667
- OpenAM version: 15.0.4
Referenced Sites
[1] CVE-2024-41667 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-41667
[2] OpenAM FreeMarker template injection
https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v
Article Link: OpenAM Security Update Advisory (CVE-2024-41667) – ASEC