CVE-2023-22320

Description

OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly.

References

https://jvn.jp/en/vu/JVN91740661/

https://github.com/openam-jp/web-agents/issues/3

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS