Lucene search
K

138 matches found

Positive Technologies
Positive Technologies
added 2024/07/19 12:0 a.m.7 views

PT-2024-5029 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.5.0 through 4.18.2.1 Apache CloudStack versions 4.19.0.0 through 4.19.0.2 Description: The issue is related to the SAML authentication mechanism in Apache CloudStack, which does not enforce signature checks when...

10CVSS7.4AI score0.1776EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.5 views

PT-2024-40273 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.14.17 Description: A signature validation bypass issue has been found in the SimpleSAML XML Validator class, which performs the verification of the XML digital signature of a SAML 1 message with a given key...

7.3AI score
Exploits0References5
OSV
OSV
added 2024/03/06 12:15 p.m.3 views

CVE-2024-2005

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised ...

8CVSS5.8AI score0.00453EPSS
Exploits0References1
OSV
OSV
added 2024/02/26 8:4 p.m.3 views

GHSA-4M6J-23P2-8C54 Armeria SAML authentication bypass due to missing validation on unsigned SAML messages

Impact The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages assertions, logout requests, etc. as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsign...

9.1CVSS5.8AI score0.00834EPSS
Exploits0References6
OSV
OSV
added 2024/02/13 4:15 a.m.2 views

CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...

8.3CVSS5.8AI score0.94721EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/02/11 12:0 a.m.8 views

Samly security breach

Samly is used to enable the Plug/Phoenix application via SAML. A security vulnerability exists in Samly versions prior to 1.4.0, which stems from the ability to return expired sessions, which can interfere with access control...

9.8CVSS6.7AI score0.00664EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEV
added 2024/02/06 12:0 a.m.3 views

VulnCheck KEV: CVE-2024-22024

An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...

8.3CVSS7.4AI score0.94721EPSS
Exploits1References1
OSV
OSV
added 2023/11/01 6:15 p.m.4 views

CVE-2023-20264

A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 single sign-on SSO for remote access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to intercept the SAML...

6.1CVSS5.6AI score0.00377EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/10/31 2:35 a.m.6 views

SUSE CVE-2019-3878

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

8.1CVSS6.8AI score0.02969EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.5 views

PT-2023-7130 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to the implementation of Security Assertion Markup...

6.4CVSS6.1AI score0.00377EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/10/10 12:0 a.m.6 views

Fortinet FortiOS Cross-Site Scripting Vulnerability

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam security features. A security vulnerability exists in Fortinet...

5.4CVSS6.6AI score0.00343EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/09/20 4:46 p.m.5 views

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5CVSS6.9AI score0.01193EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/09/19 8:7 a.m.4 views

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5CVSS6.9AI score0.01193EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/09/19 8:5 a.m.5 views

open-vm-tools: SAML token signature bypass

An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been...

7.5CVSS6.9AI score0.01193EPSS
Exploits0References5
OSV
OSV
added 2023/08/30 5:15 p.m.4 views

CVE-2023-40593

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language SAML request to the /saml/acs REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon...

7.5CVSS5.8AI score0.00487EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.6 views

PT-2023-27527 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.6 Splunk Enterprise versions prior to 8.2.12 Description: A malicious actor can send a malformed security assertion markup language SAML request to the "/saml/acs" REST endpoint, causing a denial of...

7.5CVSS7AI score0.00487EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.6 views

Splunk 安全漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze data and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. A...

7.5CVSS7.4AI score0.00487EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.6 views

Siemens Mendix SAML Module 授权问题漏洞

The Mendix SAML module allows you to authenticate users in cloud applications using SAML. The module can communicate with any identity provider that supports SAML 2.0 or Shibboleth. An authentication bypass vulnerability exists in Siemens Mendix SAML, which can be exploited by an attacker to bypa...

9.8CVSS7.1AI score0.00888EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/03/17 12:0 a.m.5 views

The vulnerability of the Single Sign-On module in the application’s software platform for deployment and testing of software applications of Mendix allows a perpetrator to gain unauthorized access to the application.

The vulnerability of the Single Sign-On module for application SAML in the software platform for deployment and testing of software applications of Mendix is related to errors in the implementation of the authentication algorithm. Exploiting this vulnerability may allow a malicious actor to gain...

9.4CVSS7.2AI score0.00581EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/02/16 7:15 p.m.2 views

CVE-2023-23781

A stack-based buffer overflow vulnerability CWE-121 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files...

8.8CVSS6.6AI score0.007EPSS
Exploits0References1
Rows per page
Query Builder