Lucene search

Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET

🗓️ 22 Apr 2020 20:37:59Reported by GitHub Advisory DatabaseType

Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET. Saml2 tokens treated as bearer token

Reporter	Title	Published	Views	Family All 9
NVD	CVE-2020-5268	21 Apr 202017:15	–	nvd
OSV	CVE-2020-5268	21 Apr 202017:15	–	osv
OSV	Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET	22 Apr 202020:59	–	osv
CNVD	Unspecified Vulnerability in Saml2 Authentication services for ASP.NET	22 Apr 202000:00	–	cnvd
CVE	CVE-2020-5268	21 Apr 202017:15	–	cve
Cvelist	CVE-2020-5268 Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET	21 Apr 202015:30	–	cvelist
Veracode	Authorization Bypass	22 Apr 202005:43	–	veracode
Prion	Session fixation	21 Apr 202017:15	–	prion
IBM Security Bulletins	Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential code injection vulnerability (CVE-2020-5268)	15 Apr 202100:12	–	ibm

Vulners

Node

sustainsys.saml2Range2.0.0–2.7.0

sustainsys.saml2Range<1.0.2

Source	Link
github	www.github.com/Sustainsys/Saml2/security/advisories/GHSA-9475-xg6m-j7pw
github	www.github.com/Sustainsys/Saml2/issues/712
github	www.github.com/Sustainsys/Saml2/commit/e58e0a1aff2b1ead6aca080b7cdced55ee6d5241
nuget	www.nuget.org/packages/Sustainsys.Saml2/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-5268
github	www.github.com/advisories/GHSA-9475-xg6m-j7pw

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

22 Apr 2020 20:59Current

1.8Low risk

Vulners AI Score1.8

CVSS24.9

CVSS36.5 - 7.3

EPSS0.00226

CWE-303