CVE-2023-22947

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt rather than...

PT-2023-18789 · Unknown · Shibboleth Service Provider

Name of the Vulnerable Software and Affected Versions: Shibboleth Service Provider SP versions prior to 3.4.1 Description: The issue concerns insecure folder permissions in the Windows installation path of Shibboleth Service Provider SP. This allows an unprivileged local attacker to escalate...