EUVD-2020-20470
Malware in sbrugna...
EUVD-2022-2952
Malicious code in bioql PyPI...
CVE-2022-24129
The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services...
CVE-2020-27978
Shibboleth Identity Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session...
Security Bulletin: IBM Sterling Connect:Direct Web Services uses xmltooling-1.4.4.jar, which contains a vulnerability
Summary IBM Sterling Connect:Direct Web Services uses Shibboleth Identity Provider, which could allow a remote attacker to bypass security restrictions. It's caused by an error in the PKIX trust component. Vulnerability Details CVEID: CVE-2015-1796 DESCRIPTION: Shibboleth Identity Provider could...
Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
GHSA-RM7V-GQFG-P2WC Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
CVE-2022-24129
The vulnerability CVE-2022-24129 affects the Shibboleth Identity Provider OIDC OP plugin before version 3.0.4. Root cause: insufficient restriction of the request_uri parameter enables server-side request forgery (SSRF), allowing interaction with arbitrary third-party HTTP services. Impact is SSR...
Security Bulletin: IBM Resilient SOAR is using opensaml-2.6.4.jar that could be vulnerable to bypass security restrictions (CVE-2015-1796)
Summary opensaml-2.6.4.jar vulnerable to CVE-2015-1796, Shibboleth Identity Provider could allow a remote attacker to bypass security restrictions, caused by an error in the PKIX trust component. An attacker could exploit this vulnerability using a certificate issued by the shibmd:KeyAuthority...
Security Bulletin: Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty used by MobileFirst Platform Foundation
Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability. Man in the middle vulnerability CVE-2014-3603 affects Websphere Liberty and OpenLiberty Vulnerability Details CVEID: CVE-2014-3603 DESCRIPTION: Shibboleth Identity Provider (IdP) and OpenSAML Java could allow a...
Security Bulletin: Vulnerabilities in Websphere Liberty and OpenLiberty
Summary There are vulnerabilities in Websphere Liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-3603 DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and...
Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WAS vulnerability.
Summary Rational Asset Analyzer (RAA) has addressed the following vulnerability in WAS. Vulnerability Details CVEID: CVE-2014-3603 DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that...
Code injection
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
CVE-2014-3603
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...
CVE-2014-3603
CVE-2014-3603 involves improper hostname verification in Shibboleth IdP (HttpResource/FileBackedHttpResource) and OpenSAML Java 2.6.2, allowing MITM spoofing of SSL with arbitrary valid certs. IBM/Liberty-focused advisories confirm affected products and versions: Liberty for Java 3.37 and earlier...
Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities
Summary IBM Tivoli Netcool Impact has addressed the following open source vulnerabilities. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to...