Lucene search
+L

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:7 p.m.5 views

CVE-2021-33054

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. Only versions after 2.0.5a are affected...

7.5CVSS7AI score0.00987EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/01/02 12:0 a.m.16 views

Mageia: Security Advisory (MGASA-2022-0481)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.00987EPSS
Exploits0References5
OSV
OSV
added 2022/12/30 10:39 p.m.5 views

MGASA-2022-0481 Updated sogo packages fix security vulnerability

Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...

7.5CVSS7.4AI score0.00987EPSS
Exploits0References4
Mageia
Mageia
added 2022/12/30 10:39 p.m.64 views

Updated sogo packages fix security vulnerability

Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...

7.5CVSS3.9AI score0.00987EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/12/23 12:0 a.m.17 views

Debian: Security Advisory (DSA-5029-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.00987EPSS
Exploits0References4
Debian
Debian
added 2021/07/12 8:0 p.m.75 views

[SECURITY] [DLA 2707-1] sogo security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2707-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky July 12, 2021 https://wiki.debian.org/LTS -...

7.5CVSS7.6AI score0.00987EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/06/07 12:0 a.m.19 views

SOGo < 2.4.1, 3.x < 5.1.1 Multiple Vulnerabilities

SOGo is prone to multiple vulnerabilities in SAML. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:alinto:sogo"; if description...

7.5CVSS7.7AI score0.01325EPSS
Exploits0References1
NVD
NVD
added 2021/06/04 3:15 p.m.14 views

CVE-2021-33054

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. Only versions after 2.0.5a are affected...

7.5CVSS0.00987EPSS
Exploits0References5
CVE
CVE
added 2021/06/04 2:40 p.m.105 views

CVE-2021-33054

CVE-2021-33054 affects SOGo 2.x (before 2.4.1) and 3.x–5.x (before 5.1.1); the issue is that SOGo does not validate signatures of any SAML assertions, allowing an attacker with network access to impersonate users via SAML authentication. The root cause is the lack of SAML signature validation. Pu...

7.5CVSS7.4AI score0.00987EPSS
Exploits0References5Affected Software1
Akamai Blog
Akamai Blog
added 2021/06/01 1:0 p.m.81 views

SOGo and PacketFence Impacted by SAML Implementation Vulnerabilities

Part of Akamai's incident management process for vulnerabilities in third party software involves verifying potential impact in other systems using the same or similar libraries. While following that process when addressing the SAML impersonation vulnerability, CVE-2021-28091, which impacted...

5CVSS8.2AI score0.01325EPSS
Exploits0
Rows per page
Query Builder