On June 1, 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application.
For a description of this vulnerability, see lasso.git NEWS [“https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0”].
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lasso-saml-jun2021-DOXNRLkD [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lasso-saml-jun2021-DOXNRLkD”]
CPE | Name | Operator | Version |
---|---|---|---|
cisco email security appliance (esa) | eq | any | |
cisco email security appliance (esa) | eq | any |