Lucene search
K

3794 matches found

securityvulns
securityvulns
added 2013/03/24 12:0 a.m.45 views

CA20130319-01: Security Notice for SiteMinder products using SAML

-----BEGIN PGP SIGNED MESSAGE----- CA20130319-01: Security Notice for SiteMinder products using SAML Issued: March 19, 2013 CA Technologies support is alerting customers to a potential risk with certain CA SiteMinder products that implement Security Assertion Markup Language SAML. Multiple...

7.5CVSS6.6AI score0.01527EPSS
Exploits0
securityvulns
securityvulns
added 2013/03/24 12:0 a.m.44 views

CA SiteMinder privilege escalation

Invalid SAML signature verification...

7.5CVSS3.5AI score0.01527EPSS
Exploits0References1Affected Software3
NVD
NVD
added 2013/03/21 5:55 p.m.14 views

CVE-2013-2279

CA SiteMinder Federation FSS 12.5, 12.0, and r6; Federation Standalone 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain...

7.5CVSS6.8AI score0.01527EPSS
Exploits0References4
Prion
Prion
added 2013/03/21 5:55 p.m.16 views

Code injection

CA SiteMinder Federation FSS 12.5, 12.0, and r6; Federation Standalone 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain...

7.5CVSS7.4AI score0.01527EPSS
Exploits0References4
Cvelist
Cvelist
added 2013/03/21 5:0 p.m.20 views

CVE-2013-2279

CA SiteMinder Federation FSS 12.5, 12.0, and r6; Federation Standalone 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain...

6.8AI score0.01527EPSS
Exploits0References4
CVE
CVE
added 2013/03/21 5:0 p.m.50 views

CVE-2013-2279

The CVE-2013-2279 issue affects CA SiteMinder Federation (FSS) 12.5/12.0 and r6, Federation Standalone 12.1/12.0, Agent for SharePoint 2010, and SiteMinder for Secure Proxy Server (6.0/12.0/12.5). Root cause: inadequate verification of XML signatures in SAML statements, enabling remote attackers ...

7.5CVSS7AI score0.01527EPSS
Exploits0References4Affected Software8
OSV
OSV
added 2013/01/01 3:55 p.m.9 views

CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...

6.9AI score
Exploits0References3
NVD
NVD
added 2013/01/01 3:55 p.m.11 views

CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...

7.5CVSS6.6AI score0.01552EPSS
Exploits0References3
OSV
OSV
added 2013/01/01 3:55 p.m.6 views

DEBIAN-CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...

7.5CVSS6.7AI score0.01552EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2013/01/01 3:55 p.m.27 views

CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...

7.5CVSS5.9AI score0.01552EPSS
Exploits0References2
OSV
OSV
added 2013/01/01 3:55 p.m.4 views

UBUNTU-CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...

7.5CVSS5.8AI score0.01552EPSS
Exploits0References3
Prion
Prion
added 2013/01/01 3:55 p.m.17 views

Information disclosure

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...

7.5CVSS7.2AI score0.01552EPSS
Exploits0References3
Cvelist
Cvelist
added 2013/01/01 3:0 p.m.20 views

CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...

6.6AI score0.01552EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2013/01/01 3:0 p.m.27 views

CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data...

7.5CVSS6.5AI score0.01552EPSS
Exploits0
CVE
CVE
added 2013/01/01 3:0 p.m.45 views

CVE-2012-6426

CVE-2012-6426 affects LemonLDAP::NG prior to 1.2.3. The issue is that it does not use the Lasso library’s signature-verification capability, enabling remote attackers to bypass access-control restrictions through crafted SAML data. The description in connected records confirms the root cause and ...

7.5CVSS6.9AI score0.01552EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2012/10/09 11:55 p.m.19 views

CVE-2012-5353

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

5.8CVSS7AI score0.02154EPSS
Exploits0References2
NVD
NVD
added 2012/10/09 11:55 p.m.25 views

CVE-2012-5351

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

6.4CVSS9.4AI score0.05089EPSS
Exploits0References3
Prion
Prion
added 2012/10/09 11:55 p.m.17 views

Authentication flaw

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

6.4CVSS7AI score0.05999EPSS
Exploits1References3
Prion
Prion
added 2012/10/09 11:55 p.m.16 views

Authentication flaw

Java Open Single Sign-On Project Home JOSSO allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

5.8CVSS7.5AI score0.02518EPSS
Exploits0References4
Prion
Prion
added 2012/10/09 11:55 p.m.10 views

Authentication flaw

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

5.8CVSS7.5AI score0.02154EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder