Lucene search
CiscoCISCO-SA-LASSO-SAML-JUN2021-DOXNRLKDHistoryJun 01, 2021 - 12:30 p.m.
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021
2021-06-0112:30:00
tools.cisco.com
139
0.004 Low
EPSS
Percentile
73.4%
On June 1, 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application.
For a description of this vulnerability, see lasso.git NEWS [“https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0”].
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lasso-saml-jun2021-DOXNRLkD [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lasso-saml-jun2021-DOXNRLkD”]
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco email security appliance (esa) | eq | any | |
| cisco email security appliance (esa) | eq | any |
Related
prion
prion
Design/Logic Flaw
2021-06-04 15:15:00
nessus
nessus
RHEL 8 : lasso (RHSA-2021:4325)
2021-11-11 00:00:00
EulerOS 2.0 SP2 : lasso (EulerOS-SA-2021-2393)
2021-09-14 00:00:00
Scientific Linux Security Update : lasso on SL7.x i686/x86_64 (2021:2989)
2021-08-03 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: lasso-2.7.0-1.fc33
2021-06-11 01:20:08
[SECURITY] Fedora 34 Update: lasso-2.7.0-1.fc34
2021-06-11 01:15:56
osv
osv
Moderate: lasso security and enhancement update
2021-11-09 09:01:05
lasso - security update
2021-06-10 00:00:00
Moderate: lasso security and enhancement update
2021-11-09 09:01:05
openvas
openvas
Debian: Security Advisory (DSA-4926-1)
2021-06-05 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2589-1)
2021-08-04 00:00:00
Fedora: Security Advisory for lasso (FEDORA-2021-508acb1153)
2021-06-17 00:00:00
ubuntucve
ubuntucve
CVE-2021-28091
2021-06-01 00:00:00
redhat
redhat
(RHSA-2021:2989) Important: lasso security update
2021-08-02 14:32:12
(RHSA-2021:4325) Moderate: lasso security and enhancement update
2021-11-09 09:01:05
debian
debian
[SECURITY] [DSA 4926-1] lasso security update
2021-06-03 20:22:41
[SECURITY] [DLA 2684-1] lasso security update
2021-06-10 05:49:35
[SECURITY] [DSA 4926-1] lasso security update
2021-06-03 20:22:41
suse
suse
Security update for lasso (important)
2021-07-20 00:00:00
cve
cve
CVE-2021-28091
2021-06-04 15:15:00
amazon
amazon
Important: lasso
2021-06-16 20:37:00
Important: lasso
2021-09-02 22:54:00
akamaiblog
akamaiblog
Akamai EAA Impersonation Vulnerability - A Deep Dive
2021-06-01 13:00:30
Akamai EAA Impersonation Vulnerability - A Deep Dive
2021-06-01 04:00:00
SAML Implementation Vulnerability Impacting Some Akamai Services
2021-06-01 13:00:00
oraclelinux
oraclelinux
lasso security update
2021-08-02 00:00:00
lasso security and enhancement update
2021-11-16 00:00:00
debiancve
debiancve
CVE-2021-28091
2021-06-04 15:15:00
ubuntu
ubuntu
Lasso vulnerability
2021-06-02 00:00:00
rocky
rocky
lasso security and enhancement update
2021-11-09 09:01:05
almalinux
almalinux
Moderate: lasso security and enhancement update
2021-11-09 09:01:05
redhatcve
redhatcve
CVE-2021-28091
2021-06-01 14:19:14
cbl_mariner
cbl_mariner
CVE-2021-28091 affecting package lasso 2.6.0-25
2022-10-05 17:21:40
veracode
veracode
Insecure Cryptographic Function
2021-08-13 15:38:08
f5
f5
K02151228 : Lasso XML signature wrapping vulnerability CVE-2021-28091
2021-06-07 00:00:00
freebsd
freebsd
lasso -- signature checking failure
2021-06-01 00:00:00