WARNING: Remote Code Execution vulnerability in OpenAM can be exploited to fully compromise the host. Patch immediately!

Published: 09/04/2026
  • Last update: 08/04/2026
  • Affected software: OpenIdentity Platform (OpenAM) prior to version 16.0.6
  • Type: Remote Code Execution (RCE)
  • CVE/CVSS: CVE-2026-33439: CVSS 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)


Sources

Risks

Open Access Management (OpenAM) is an open-source access management solution used by organizations to centralize authentication, authorization, and single sign-on across web applications and services.

Successful exploitation of CVE-2026-33439 allows an unauthenticated remote attacker to execute arbitrary commands on the server hosting OpenAM. This may lead to unauthorized access to all data and credentials managed by or accessible from the affected server (Confidentiality), modification or deletion of application data and configurations (Integrity), and disruption or complete takeover of the access management service and dependent systems (Availability).

Description

The vulnerability resides in the deserialization handling of the jato.clientSession HTTP parameter. OpenAM fails to apply the same WhitelistObjectInputStream protection to this parameter that was introduced for the jato.pageSession parameter following CVE-2021-35464. As a result, any JATO ViewBean endpoint whose JSP page contains jato:form tags, including password reset pages, accepts and deserializes attacker-controlled Java objects without any form of validation. An unauthenticated attacker can send a crafted HTTP GET or POST request to any of these endpoints, triggering arbitrary command execution on the server. No authentication or prior access is required.
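As an added detection aid that is not part of the CCB advisory: a Python script that scans web-server access logs for requests whose jato.clientSession or jato.pageSession query parameter carries a base64-encoded Java serialized object (prefix rO0AB, the base64 encoding of the 0xACED0005 stream magic). The log lines, client addresses and the reset-page path are constructed samples; standard access logs do not contain POST bodies, so POST requests to these endpoints need request-body logging or a WAF to be caught the same way.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Base64 encoding of the Java serialization stream magic bytes 0xACED0005.
JAVA_SERIAL_B64_PREFIX = "rO0AB"
# jato.clientSession lacked the WhitelistObjectInputStream check (this advisory);
# jato.pageSession is the parameter hardened after CVE-2021-35464.
SUSPECT_PARAMS = ("jato.clientSession", "jato.pageSession")

# Constructed sample lines in combined log format (not real traffic).
# The reset-page path and the truncated base64 value are placeholders.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Apr/2026:10:01:02 +0200] "GET /openam/XUI/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [09/Apr/2026:10:01:05 +0200] "GET /openam/password/ResetPassword?jato.clientSession=rO0ABXNyAAxQTEFDRUhPTERFUg HTTP/1.1" 500 0 "-" "curl/8.0"
203.0.113.12 - - [09/Apr/2026:10:01:09 +0200] "POST /openam/UI/Login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_request(target: str) -> Optional[str]:
    """Return the name of the jato.* query parameter whose value looks like a
    base64 Java serialized object, or None if the request looks benign."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for name in SUSPECT_PARAMS:
        for value in params.get(name, []):
            if value.startswith(JAVA_SERIAL_B64_PREFIX):
                return name
    return None


def scan_log(text: str) -> list:
    """Parse combined-format lines and return one dict per suspicious request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        param = classify_request(m.group("target"))
        if param is not None:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "method": m.group("method"), "param": param,
                         "path": urlsplit(m.group("target")).path,
                         "status": m.group("status")})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A hit on jato.clientSession from an unauthenticated source before the 16.0.6 upgrade is a strong indicator that the host should be treated as potentially compromised, not merely patched.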

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.