Lucene search
+L

1048 matches found

Github Security Blog
Github Security Blog
added 2018/10/18 4:56 p.m.33 views

High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

7.5CVSS2.7AI score0.1073EPSS
Exploits0References12Affected Software5
OSV
OSV
added 2018/10/18 4:56 p.m.1 views

GHSA-W3GH-G32M-CVHR High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

7.5CVSS7.1AI score0.1073EPSS
Exploits0References12
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/18 9:46 a.m.38 views

Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities

Summary IBM Tivoli Netcool Impact has addressed the following open source vulnerabilities. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote attacker to...

5.8CVSS0.9AI score0.09254EPSS
Exploits1Affected Software1
Prion
Prion
added 2018/07/05 1:29 p.m.16 views

Design/Logic Flaw

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

5CVSS7.5AI score0.1073EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2018/07/05 1:29 p.m.16 views

CVE-2018-8038

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

7.5CVSS7.5AI score0.1073EPSS
Exploits0References10
OSV
OSV
added 2018/06/26 8:29 p.m.1 views

CVE-2018-1614

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270...

7.5CVSS5.8AI score0.02902EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/06/26 8:0 p.m.18 views

CVE-2018-1614

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270...

5.8CVSS7.3AI score0.02902EPSS
Exploits0References3
Veracode
Veracode
added 2018/05/25 6:37 a.m.21 views

Cross-site Scripting (XSS)

simplesamlphp is vulnerable to cross-site scripting XSS attacks. A malicious user can craft URLs that include Javascript to pass to another user for execution through the setConsentText function in the consentAdmin module. This vulnerability requires the consentAdmin module to be enabled and...

6.1CVSS6.4AI score0.012EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2018/05/23 7:1 a.m.23 views

Bypassing Signature Validation

simplesamlphp is vulnerable to bypassing signature validation. There is a flaw in signature verification on SAML assertions which allows construction of a crafted SAML assertion on behalf of an Identity Provider. Consequently, an attacker can impersonate a user from that Identity Provider...

7.5CVSS7.4AI score0.01262EPSS
Exploits0References3Affected Software2
Citrix
Citrix
added 2018/05/02 12:0 a.m.9 views

How To Deploy NetScaler as Both OAuth SP and IdP

Deploying the NetScaler, as both an OAuth Service Provider SP and IdP Identity Provider or OpenID Authenticator. This can be on the same NetScaler, or on two separate appliances...

7.2AI score
Exploits0
CNVD
CNVD
added 2018/04/24 12:0 a.m.4 views

Cisco Multiple Product Session Fixation Vulnerability

Cisco 3000 Series Industrial Security Appliances ISA are different series of security firewall appliances from Cisco.AnyConnect Secure Mobility Client, Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software are the software used in them.AnyConnect Secure Mobility Clien...

6.5CVSS6.9AI score0.03577EPSS
Exploits0References1
NVD
NVD
added 2018/04/19 8:29 p.m.25 views

CVE-2018-0229

A vulnerability in the implementation of Security Assertion Markup Language SAML Single Sign-On SSO authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance ASA Software, and Cisco Firepower Threat Defense FTD Software could allow an...

6.5CVSS6.6AI score0.03577EPSS
Exploits0References4
Prion
Prion
added 2018/04/19 8:29 p.m.22 views

Session fixation

A vulnerability in the implementation of Security Assertion Markup Language SAML Single Sign-On SSO authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance ASA Software, and Cisco Firepower Threat Defense FTD Software could allow an...

4.3CVSS6.6AI score0.03577EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2018/04/19 3:4 a.m.14 views

Incorrect Access Control

lightsaml/lightsaml is vulnerable to incorrect access control. The vulnerability exists in the signature validation found in readers of src/LightSaml/Model/XmlDSig/ that could allow a malicious user to impersonate other users from the Identity Provider...

7.5CVSS7.3AI score0.01268EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/04/18 7:29 p.m.20 views

CVE-2018-1000165

LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later...

7.5CVSS7.6AI score0.01268EPSS
Exploits0References2
Prion
Prion
added 2018/04/18 7:29 p.m.12 views

Improper access control

LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later...

5CVSS7.5AI score0.01268EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2018/04/18 12:0 a.m.6 views

PT-2018-1772 · Cisco · Cisco Ftd +2

Name of the Vulnerable Software and Affected Versions: Cisco AnyConnect Secure Mobility Client, Cisco Adaptive Security Appliance ASA Software, and Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the implementation of Security Assertion...

6.5CVSS6.6AI score0.03577EPSS
Exploits0References8
Prion
Prion
added 2018/03/30 8:29 p.m.18 views

Directory traversal

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

7.5CVSS9.4AI score0.01598EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/03/30 8:29 p.m.9 views

CVE-2018-3822

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

9.8CVSS5.8AI score0.01598EPSS
Exploits0References1
NVD
NVD
added 2018/03/30 8:29 p.m.17 views

CVE-2018-3822

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary...

9.8CVSS9.5AI score0.01598EPSS
Exploits0References1
Rows per page
Query Builder