Code injection

2023-06-2219:15:00

PRIOn knowledge base

www.prio-n.com

code injection

topdesk v12.10.12

saml response manipulation

xml signature wrapping

single sign-on

identity provider

bad actors

credentials

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.4%

JSON

XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.

CPENameOperatorVersion
topdeskeq12.10.12

CPE	Name	Operator	Version
	topdesk	eq	12.10.12

References

char49.com/articles/topdesk-vulnerable-to-xml-signature-wrapping-attacks

my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=56a16ba1c2824e9a82655892ba75d3c0