
6 matches found

RedhatCVE
added 2020/04/01 1:56 a.m. | 24 views

CVE-2017-2582

It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...

CVSS 6.5 | AI score 4.6 | EPSS 0.02457
Exploits: 0 | References: 1
BDU FSTEC
added 2019/01/23 12:0 a.m. | 4 views

The vulnerability in the StaxParserUtil class of Picketlink software for managing security and application identification in Java applications allows a perpetrator to disclose protected information.

The vulnerability of the StaxParserUtil class in Picketlink software for managing security and application identification in Java applications is related to deficiencies in the processing of input data during SAML message analysis. Exploiting this vulnerability allows a malicious actor to disclos...

CVSS 6.5 | AI score 6.7 | EPSS 0.02457
Exploits: 0 | References: 7 | Affected Software: 1
Veracode
added 2019/01/15 9:19 a.m. | 49 views

Information Disclosure

keycloak-saml-core is vulnerable to sensitive information disclosure. The attack exists because SAML messages are being parsed by replacing the string to obtain the attribute values with the system property in the StaxParserUtil class. Therefore, an attacker can just parse the chosen system property nam...

CVSS 6.5 | AI score 6.1 | EPSS 0.02457
Exploits: 0 | References: 22 | Affected Software: 250
Github Security Blog
added 2018/10/18 4:49 p.m. | 73 views

keycloak-core discloses system properties

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML...

CVSS 6.5 | AI score 6.6 | EPSS 0.02457
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2018/10/18 4:49 p.m. | 32 views

GHSA-C77R-6F64-478Q keycloak-core discloses system properties

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML...

CVSS 6.5 | AI score 6.4 | EPSS 0.02457
Exploits: 0 | References: 2
NVD
added 2018/07/26 5:29 p.m. | 38 views

CVE-2017-2582

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML...

CVSS 6.5 | AI score 6.6 | EPSS 0.02457
Exploits: 0 | References: 20