Advisories for Maven/Org.openidentityplatform.openam/Openam-Core package

2026

OpenAM Authenticated Server-Side Request Forgery (SSRF) via `/sessionservice`

OpenAM (Open Identity Platform) is an open-source Identity and Access Management (IAM) platform derived from ForgeRock OpenAM, providing SSO, OAuth2, SAML, and OpenID Connect capabilities. It is widely deployed in enterprise environments as a central authentication gateway. The /sessionservice endpoint, used for internal session management operations, does not sufficiently restrict the URLs that authenticated users may register for session event notifications. Under certain conditions, this may result in outbound server-side …

2022