Lucene search

K
cvelistApacheCVELIST:CVE-2021-43999
HistoryJan 11, 2022 - 10:10 p.m.

CVE-2021-43999 Improper validation of SAML responses

2022-01-1122:10:12
CWE-287
apache
www.cve.org
1

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

44.7%

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.

CNA Affected

[
  {
    "product": "Apache Guacamole",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "1.3.0"
      },
      {
        "status": "affected",
        "version": "1.2.0"
      }
    ]
  }
]

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

44.7%