Lucene search

Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML

🗓️ 17 May 2022 03:17:38Reported by GitHub Advisory DatabaseType

Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML. PKIX trust engines trust candidate X.509 credentials when no trusted names are available for the entityID

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 15
Prion	Design/Logic Flaw	8 Jul 201515:59	–	prion
IBM Security Bulletins	Security Bulletin: IBM Resilient SOAR is using opensaml-2.6.4.jar that could be vulnerable to bypass security restrictions (CVE-2015-1796)	25 Feb 202114:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct Web Services is uses xmltooling-1.4.4.jar, which contains a vulnerability	25 Oct 202406:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities	18 Jul 201809:46	–	ibm
IBM Security Bulletins	Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2	7 May 202419:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ	20 Feb 202012:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)	11 Apr 202215:17	–	ibm
Cvelist	CVE-2015-1796	8 Jul 201515:00	–	cvelist
OSV	Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML	17 May 202203:38	–	osv
UbuntuCve	CVE-2015-1796	8 Jul 201500:00	–	ubuntucve

Vulners

Node

edu.internet2.middleware shibboleth-identityproviderRange≤2.4.3

org.opensaml opensamlRange≤2.6.4

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2015-1796
shibboleth	www.shibboleth.net/community/advisories/secadv_20150225.txt
rhn	www.rhn.redhat.com/errata/RHSA-2015-1176.html
rhn	www.rhn.redhat.com/errata/RHSA-2015-1177.html
github	www.github.com/advisories/GHSA-78fq-w796-q537

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 May 2022 03:38Current

8.4High risk

Vulners AI Score8.4

CVSS24.3

EPSS0.00171

CWE-295