simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
[
{
"product": "simplesamlphp",
"vendor": "simplesamlphp",
"versions": [
{
"status": "affected",
"version": "1.13.1-2"
}
]
}
]