Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-04989
HistoryJan 12, 2022 - 12:00 a.m.

Apache Guacamole authorization issue vulnerability

2022-01-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
17

EPSS

0.001

Percentile

44.7%

Apache Guacamole is a clientless remote desktop gateway from the Apache Foundation in the United States. The product supports protocols such as VNC, RDP, and SSH. A security vulnerability exists in Apache Guacamole 1.2.0 and 1.3.0, which stems from the failure of Apache Guacamole 1.2.0 and 1.3.0 to properly validate responses received from the SAML identity provider. If SAML support is enabled, this could allow a malicious user to impersonate another Guacamole user. No detailed vulnerability details are currently available.

EPSS

0.001

Percentile

44.7%