138 matches found
PT-2024-5029 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.5.0 through 4.18.2.1 Apache CloudStack versions 4.19.0.0 through 4.19.0.2 Description: The issue is related to the SAML authentication mechanism in Apache CloudStack, which does not enforce signature checks when...
PT-2024-40273 · Unknown · Simplesamlphp
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.14.17 Description: A signature validation bypass issue has been found in the SimpleSAML XML Validator class, which performs the verification of the XML digital signature of a SAML 1 message with a given key...
CVE-2024-2005
In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised ...
GHSA-4M6J-23P2-8C54 Armeria SAML authentication bypass due to missing validation on unsigned SAML messages
Impact The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages assertions, logout requests, etc. as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsign...
CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...
Samly security breach
Samly is used to enable the Plug/Phoenix application via SAML. A security vulnerability exists in Samly versions prior to 1.4.0, which stems from the ability to return expired sessions, which can interfere with access control...
VulnCheck KEV: CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...
CVE-2023-20264
A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 single sign-on SSO for remote access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to intercept the SAML...
SUSE CVE-2019-3878
A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...
PT-2023-7130 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to the implementation of Security Assertion Markup...
Fortinet FortiOS Cross-Site Scripting Vulnerability
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam security features. A security vulnerability exists in Fortinet...
open-vm-tools: SAML token signature bypass
An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...
open-vm-tools: SAML token signature bypass
An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...
open-vm-tools: SAML token signature bypass
An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...
CVE-2023-40593
In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language SAML request to the /saml/acs REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon...
PT-2023-27527 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.6 Splunk Enterprise versions prior to 8.2.12 Description: A malicious actor can send a malformed security assertion markup language SAML request to the "/saml/acs" REST endpoint, causing a denial of...
Splunk 安全漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze data and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...
Siemens Mendix SAML Module 授权问题漏洞
The Mendix SAML module allows you to authenticate users in cloud applications using SAML. The module can communicate with any identity provider that supports SAML 2.0 or Shibboleth. An authentication bypass vulnerability exists in Siemens Mendix SAML, which can be exploited by an attacker to bypa...
The vulnerability of the Single Sign-On module in the application’s software platform for deployment and testing of software applications of Mendix allows a perpetrator to gain unauthorized access to the application.
The vulnerability of the Single Sign-On module for application SAML in the software platform for deployment and testing of software applications of Mendix is related to errors in the implementation of the authentication algorithm. Exploiting this vulnerability may allow a malicious actor to gain...
CVE-2023-23781
A stack-based buffer overflow vulnerability CWE-121 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files...