
6 matches found

Akamai Blog
added 2021/06/01 1:0 p.m., 216 views

SAML Implementation Vulnerability Impacting Some Akamai Services

This blog post provides an overview of a vulnerability discovered in Akamai's Enterprise Application Access (EAA) product, which has been patched. This vulnerability could have allowed an actor to impersonate an authorized user when interacting with an application that used Security Assertion Markup...

CVSS 5, AI score 8.1, EPSS 0.00639
Exploits 0
CNNVD
added 2021/04/22 12:0 a.m., 0 views

FusionAuth fusionauth-samlv2 Code Issue Vulnerability

FusionAuth fusionauth-samlv2 is a Java library by an individual developer that provides JAXB functionality. The library mainly handles SAML requests and responses for scenarios such as single sign-on. A security vulnerability exists in FusionAuth fusionauth-samlv2 versions prior to 0.5.4 that allo...

CVSS 6.5, AI score 6.5, EPSS 0.00276
Exploits 1, References 4
Prion
added 2020/10/02 8:15 p.m., 9 views

Authentication flaw

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack"...

CVSS 6.4, AI score 9.2, EPSS 0.00141
Exploits 3, References 5, Affected Software 1
Cvelist
added 2020/10/02 7:40 p.m., 13 views

CVE-2020-12676

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack"...

AI score 9.4, EPSS 0.00141
Exploits 3, References 5
CVE
added 2020/10/02 7:40 p.m., 70 views

CVE-2020-12676

FusionAuth fusionauth-samlv2 0.2.3 is vulnerable to a Signature Exclusion Attack: remote attackers can forge SAML messages and bypass authentication when a SAML assertion lacks a Signature element. The Red Hat advisory and other connected sources confirm the affected version and behavior....

CVSS 9.1, AI score 9.2, EPSS 0.00141
Exploits 3, References 5, Affected Software 1
Packet Storm
added 2020/10/02 12:0 a.m., 453 views

FusionAuth-SAMLv2 0.2.3 Message Forging

COMPASS SECURITY ADVISORY
https://www.compass-security.com/research/advisories/
Product: SAML v2.0 bindings in Java using JAXB
Vendor: FusionAuth
CSNC ID: CSNC-2020-002
CVE ID: CVE-2020-12676
Subject: Signature Exclusion Attack
Risk: High
Effect: Remotely exploitable
Author: Felix Sieges
Date:...

AI score 9.4, EPSS 0.00141
Exploits 3