3 matches found
CVE-2026-59151
Prowler (cloud security platform) had a SAML authentication flow flaw prior to version 5.30.3 where the tenant was determined by the asserted email domain in the SAMLResponse rather than the validated SAML configuration. The ACS finish logic recalculated the tenant from user.email, enabling an au...
CVE-2026-12804 lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is...
CVE-2024-20355
A vulnerability in the implementation of SAML 2.0 single sign-on SSO for remote access VPN services in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affecte...