CVE-2016-10097
N/A
N/A
Summary
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/95174
- http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html
- https://twitter.com/h02332/status/816252923688665088
References
- http://www.securityfocus.com/bid/95174
- http://www.cloudscan.me/2016/03/xxe-dork-open-am-1010-xml-injection.html
- https://twitter.com/h02332/status/816252923688665088
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.