Find a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

Related vulnerabilities

GHSA-C556-Q2MH-477V

Vulnerability from github – Published: 2026-06-22 20:10 – Updated: 2026-06-22 20:10

Summary

OpenAM Authenticated Server-Side Request Forgery (SSRF) via `/sessionservice`

Details

OpenAM (Open Identity Platform) is an open-source Identity and Access Management (IAM) platform derived from ForgeRock OpenAM, providing SSO, OAuth2, SAML, and OpenID Connect capabilities. It is widely deployed in enterprise environments as a central authentication gateway.

The /sessionservice endpoint, used for internal session management operations, does not sufficiently restrict the URLs that authenticated users may register for session event notifications. Under certain conditions, this may result in outbound server-side requests to attacker-controlled destinations, potentially exposing session-related data.

This behavior results in a server-side request forgery (SSRF) vulnerability, where an authenticated attacker can trigger outbound requests to arbitrary destinations.

Credit

Discovered by JD-Security SHENYI Team

Severity

6.2 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 16.0.6"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.openidentityplatform.openam:openam-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "16.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44202"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-22T20:10:55Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "OpenAM (Open Identity Platform) is an open-source Identity and Access Management (IAM) platform derived from ForgeRock OpenAM, providing SSO, OAuth2, SAML, and OpenID Connect capabilities. It is widely deployed in enterprise environments as a central authentication gateway.\n\nThe `/sessionservice` endpoint, used for internal session management operations, does not sufficiently restrict the URLs that authenticated users may register for session event notifications. Under certain conditions, this may result in outbound server-side requests to attacker-controlled destinations, potentially exposing session-related data.\n\nThis behavior results in a **server-side request forgery (SSRF)** vulnerability, where an authenticated attacker can trigger outbound requests to arbitrary destinations.\n\n## Credit\n\nDiscovered by **JD-Security SHENYI Team**",
  "id": "GHSA-c556-q2mh-477v",
  "modified": "2026-06-22T20:10:55Z",
  "published": "2026-06-22T20:10:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-c556-q2mh-477v"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenIdentityPlatform/OpenAM"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenIdentityPlatform/OpenAM/releases/tag/16.1.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenAM Authenticated Server-Side Request Forgery (SSRF) via `/sessionservice`"
}