5 matches found
CVE-2022-26493
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...
CVE-2022-26493
creationtimestamp| type| source ---|---|--- 2022-06-03 22:26:46+00:00| seen| https://t.me/cibsecurity/43829...
CVE-2022-26493
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...
CVE-2022-26493
CVE-2022-26493 affects Xecurify’s miniOrange Drupal SAML SP modules (Premium, Standard, Enterprise) for Drupal 7, 8, and 9. The root cause is an authentication/authorization bypass via removing the SAML Assertion Signature, allowing an attacker who can intercept HTTP requests to impersonate exist...
CVE-2022-26493 miniOrange SAML Authentication Bypass
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...