1048 matches found
High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...
GHSA-W3GH-G32M-CVHR High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...
Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities
Summary IBM Tivoli Netcool Impact has addressed the following open source vulnerabilities. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote attacker to...
Design/Logic Flaw
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...
CVE-2018-8038
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...
CVE-2018-1614
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270...
CVE-2018-1614
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270...
Cross-site Scripting (XSS)
simplesamlphp is vulnerable to cross-site scripting XSS attacks. A malicious user can craft URLs that include Javascript to pass to another user for execution through the setConsentText function in the consentAdmin module. This vulnerability requires the consentAdmin module to be enabled and...
Bypassing Signature Validation
simplesamlphp is vulnerable to bypassing signature validation. There is a flaw in signature verification on SAML assertions which allows construction of a crafted SAML assertion on behalf of an Identity Provider. Consequently, an attacker can impersonate a user from that Identity Provider...
How To Deploy NetScaler as Both OAuth SP and IdP
Deploying the NetScaler, as both an OAuth Service Provider SP and IdP Identity Provider or OpenID Authenticator. This can be on the same NetScaler, or on two separate appliances...
Cisco Multiple Product Session Fixation Vulnerability
Cisco 3000 Series Industrial Security Appliances ISA are different series of security firewall appliances from Cisco.AnyConnect Secure Mobility Client, Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software are the software used in them.AnyConnect Secure Mobility Clien...
CVE-2018-0229
A vulnerability in the implementation of Security Assertion Markup Language SAML Single Sign-On SSO authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance ASA Software, and Cisco Firepower Threat Defense FTD Software could allow an...
Session fixation
A vulnerability in the implementation of Security Assertion Markup Language SAML Single Sign-On SSO authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance ASA Software, and Cisco Firepower Threat Defense FTD Software could allow an...
Incorrect Access Control
lightsaml/lightsaml is vulnerable to incorrect access control. The vulnerability exists in the signature validation found in readers of src/LightSaml/Model/XmlDSig/ that could allow a malicious user to impersonate other users from the Identity Provider...
CVE-2018-1000165
LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later...
Improper access control
LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later...
PT-2018-1772 · Cisco · Cisco Ftd +2
Name of the Vulnerable Software and Affected Versions: Cisco AnyConnect Secure Mobility Client, Cisco Adaptive Security Appliance ASA Software, and Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the implementation of Security Assertion...
Directory traversal
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...
CVE-2018-3822
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...
CVE-2018-3822
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...