
308 matches found

BDU FSTEC · added 2024/06/18 12:00 a.m.

A vulnerability in the SAML implementation for remote-access VPN services in the firmware of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) network devices allows an attacker to establish a VPN session on a vulnerable device.

The vulnerability in the SAML implementation for remote-access VPN services in the firmware of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) network devices is caused by missing authentication checks. Exploiting this vulnerability allows a...

CVSS 5 · AI score 5.5 · EPSS 0.00333
Exploits 0 · References 3 · Affected software 2
Positive Technologies · added 2024/05/28 12:00 a.m.

PT-2024-40273 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.14.17 Description: A signature validation bypass issue has been found in the SimpleSAML XML Validator class, which performs the verification of the XML digital signature of a SAML 1 message with a given key...

AI score 7.3
Exploits 0 · References 5
CNNVD · added 2024/05/27 12:00 a.m.

Logpoint security vulnerability

Logpoint is a network security application from Logpoint (Denmark). A security vulnerability exists in Logpoint SAML Authentication prior to version 6.0.3; it stems from flawed authentication logic and may allow the authentication login flow to be disrupted...

CVSS 5.3 · AI score 6.9 · EPSS 0.00422
Exploits 0 · References 2
CNNVD · added 2024/05/26 12:00 a.m.

Mattermost security vulnerability

Mattermost Server is an open-source messaging platform from Mattermost (USA). Mattermost Server has an access-control vulnerability that an attacker can exploit to switch their authentication method from SAML to email and potentially edit personal details...

CVSS 4.3 · AI score 7 · EPSS 0.00274
Exploits 0 · References 2
Positive Technologies · added 2024/05/20 12:00 a.m.

PT-2024-5050 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13.0; GitHub Enterprise Server version 3.9.15; GitHub Enterprise Server version 3.10.12; GitHub Enterprise Server version 3.11.10; GitHub Enterprise Server version 3.12.4. Description: An authentication...

CVSS 10 · AI score 7.3 · EPSS 0.02573
Exploits 0 · References 55
CNNVD · added 2024/03/28 12:00 a.m.

HCL BigFix Platform security vulnerability

HCL BigFix Platform is an endpoint security management suite from HCL Technologies. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform that originates from ...

CVSS 4 · AI score 6.1 · EPSS 0.0026
Exploits 0 · References 2
OSV · added 2024/03/06 12:15 p.m.

CVE-2024-2005

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised ...

CVSS 8 · AI score 5.8 · EPSS 0.00453
Exploits 0 · References 1
Positive Technologies · added 2024/03/05 12:00 a.m.

PT-2024-18535

Name of the Vulnerable Software and Affected Versions: Blue Planet products through 22.12. Description: A misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet has released software updates to address this issue...

CVSS 9 · AI score 9.1 · EPSS 0.00453
Exploits 0 · References 5
OSV · added 2024/02/26 8:04 p.m.

GHSA-4M6J-23P2-8C54 Armeria SAML authentication bypass due to missing validation on unsigned SAML messages

Impact: The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages (assertions, logout requests, etc.) as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsign...

CVSS 9.1 · AI score 5.8 · EPSS 0.00834
Exploits 0 · References 6
OSV · added 2024/02/13 4:15 a.m.

CVE-2024-22024

An XML external entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain restricted resources without authentication...

CVSS 8.3 · AI score 5.8 · EPSS 0.94721
Exploits 1 · References 1
CNNVD · added 2024/02/11 12:00 a.m.

Samly security vulnerability

Samly enables SAML single sign-on for Plug/Phoenix applications. A security vulnerability exists in Samly versions prior to 1.4.0: the library can return expired sessions, which can interfere with access control...

CVSS 9.8 · AI score 6.7 · EPSS 0.00664
Exploits 0 · References 7
VulnCheck KEV · added 2024/02/06 12:00 a.m.

VulnCheck KEV: CVE-2024-22024

An XML external entity (XXE) vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways allows an attacker to access certain restricted resources without authentication...

CVSS 8.3 · AI score 7.4 · EPSS 0.94721
Exploits 1 · References 1
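The Armeria, Ivanti and Samly entries above describe three structural failures in SAML handling: accepting unsigned assertions, parsing XML that may carry external entities (XXE), and honouring expired sessions. As an added example (not code from Armeria, Ivanti, Samly or any other product listed on this page), the pre-checks a service provider can run over an inbound samlp:Response before any cryptographic work: refuse any DOCTYPE, require an enveloped ds:Signature whose Reference points at the Assertion's own ID, and enforce the Conditions time window. The namespaces are the standard SAML 2.0 and XML-DSig ones; the sample Response, the current time passed in as a string, and the function names are constructed assumptions, and the signature bytes themselves still need a real XML-DSig verifier afterwards.

```python
"""Structural pre-checks a SAML service provider applies to an inbound Response
before cryptographic verification. Added example; assumes standard SAML 2.0 /
XML-DSig namespaces and a caller-supplied clock (ISO 8601 string)."""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat
from datetime import datetime

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class SamlRejected(Exception):
    """Raised when a message fails a structural check and must not be trusted."""


def reject_doctype(xml_bytes: bytes) -> None:
    """Refuse any DOCTYPE before the real parse. External and parameter entities
    (the XXE class of flaw) can only be declared inside a DOCTYPE, and a SAML
    message never legitimately carries one."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise SamlRejected("DOCTYPE declaration not allowed in SAML messages")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.Parse(xml_bytes, True)


def _parse_time(value) -> datetime:
    if not value:
        raise SamlRejected("Conditions is missing a time bound")
    # SAML times are UTC with a trailing Z; fromisoformat() wants +00:00 on older Pythons.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def pre_validate(xml_bytes: bytes, now_iso: str) -> dict:
    """Return subject info only if the Response passes every structural check."""
    reject_doctype(xml_bytes)
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise SamlRejected("document is not a samlp:Response")

    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlRejected(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]

    # Armeria-class flaw: an unsigned assertion must be refused, never accepted as-is.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        raise SamlRejected("Assertion carries no enveloped ds:Signature")
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + assertion.get("ID", ""):
        raise SamlRejected("Signature Reference does not point at this Assertion's ID")

    # Samly-class flaw: an expired assertion must not be turned into a session.
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise SamlRejected("Assertion has no Conditions element")
    now = _parse_time(now_iso)
    if now >= _parse_time(cond.get("NotOnOrAfter")):
        raise SamlRejected("Assertion expired")
    if now < _parse_time(cond.get("NotBefore")):
        raise SamlRejected("Assertion not yet valid")

    subject = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not subject:
        raise SamlRejected("Assertion has no Subject NameID")
    return {"assertion_id": assertion.get("ID"), "subject": subject}


def verdict(xml_bytes: bytes, now_iso: str) -> str:
    """Convenience wrapper: 'accepted:<subject>' or 'rejected:<reason>'."""
    try:
        return "accepted:" + pre_validate(xml_bytes, now_iso)["subject"]
    except SamlRejected as exc:
        return "rejected:" + str(exc)


def sample_response(signed: bool, not_on_or_after: str, doctype: bool = False) -> bytes:
    """Constructed sample Response (not captured from any real IdP)."""
    parts = []
    if doctype:
        parts.append('<!DOCTYPE samlp:Response [<!ENTITY xxe SYSTEM "file:///etc/hostname">]>')
    parts.append(
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0">'
        "<saml:Issuer>https://idp.example.test</saml:Issuer>"
    )
    if signed:
        parts.append(
            '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            '<ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
            "<ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>"
        )
    parts.append(
        "<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>"
        f'<saml:Conditions NotBefore="2024-06-01T11:55:00Z" NotOnOrAfter="{not_on_or_after}"/>'
        "</saml:Assertion></samlp:Response>"
    )
    return "".join(parts).encode()


if __name__ == "__main__":
    now = "2024-06-01T12:00:00Z"
    print(verdict(sample_response(True, "2024-06-01T12:05:00Z"), now))
    print(verdict(sample_response(False, "2024-06-01T12:05:00Z"), now))
    print(verdict(sample_response(True, "2024-06-01T12:05:00Z", doctype=True), now))
    print(verdict(sample_response(True, "2024-06-01T11:59:00Z"), now))
```

Run as a script it prints one verdict per constructed sample. The Reference/ID check is only the first line of defence against signature wrapping; the XML-DSig verifier that follows must canonicalize and verify exactly the element the Reference names, not whichever Assertion a lenient lookup finds first.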
CNNVD · added 2023/12/29 12:00 a.m.

Kantega SAML SSO OIDC Kerberos Security Vulnerability

Kantega SAML SSO OIDC Kerberos is an authentication plug-in from Kantega. A security vulnerability exists in Kantega SAML SSO OIDC Kerberos versions 4.4.2 through 4.14.8, 5.0.0 through 5.11.4, and 6.0.0 through 6.19.0, which stems from insufficient sanitization of a URL parameter and allows HTML injection...

CVSS 6.1 · AI score 7.3 · EPSS 0.00495
Exploits 0 · References 7
OSV · added 2023/11/17 11:06 a.m.

OESA-2023-1833 open-vm-tools security update

open-vm-tools is an open-source implementation of VMware Tools: a suite of virtualization utilities and drivers that improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

CVSS 7.5 · AI score 6.8 · EPSS 0.00667
Exploits 0 · References 3
OSV · added 2023/11/01 6:15 p.m.

CVE-2023-20264

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML...

CVSS 6.1 · AI score 5.6 · EPSS 0.00377
Exploits 0 · References 1
OSV · added 2023/10/31 2:47 p.m.

USN-6463-1 open-vm-tools vulnerabilities

It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to escalate privileges. (CVE-2023-34058) Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A...

CVSS 7.5 · AI score 6.7 · EPSS 0.00667
Exploits 0 · References 3
SUSE CVE · added 2023/10/31 2:35 a.m.

SUSE CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users with the "require valid-user" directive, adding special HTTP headers that are normally used to start the special SAML ECP...

CVSS 8.1 · AI score 6.8 · EPSS 0.02969
Exploits 1 · References 2
Positive Technologies · added 2023/10/27 12:00 a.m.

PT-2023-7130 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software, affected versions not specified; Cisco Firepower Threat Defense (FTD) Software, affected versions not specified. Description: The issue is related to the implementation of Security Assertion Markup...

CVSS 6.4 · AI score 6.1 · EPSS 0.00377
Exploits 0 · References 6
Positive Technologies · added 2023/10/16 12:00 a.m.

PT-2023-29649 · Saml · Saml

Name of the Vulnerable Software and Affected Versions: github.com/crewjam/saml versions prior to 0.4.14 Description: The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the...

CVSS 10 · AI score 6.9 · EPSS 0.01956
Exploits 9 · References 44
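The crewjam/saml entry above describes an identity provider that did not validate the ACS Location URI declared by a Service Provider. As an added example (not code from github.com/crewjam/saml or any other project on this page), the check an IdP can apply to SP metadata before registering the SP: the binding must be one the IdP actually uses to deliver Responses, and the Location must be an absolute https URL with none of the characters that would break out of the HTML form action into which an HTTP-POST IdP later echoes it. The metadata namespace is the standard SAML 2.0 one; the allowed-binding set, the sample metadata and the function names are constructed assumptions.

```python
"""Validate AssertionConsumerService entries in SP metadata before an IdP
registers the SP. Added example; assumes an IdP that delivers Responses only
over HTTP-POST and HTTP-Artifact and requires https ACS URLs."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ALLOWED_ACS_BINDINGS = {
    HTTP_POST,
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact",
}
# Characters that must never appear in a URL the IdP will echo into an HTML attribute.
_UNSAFE = re.compile(r"[\s\"'<>\\\x00-\x1f\x7f]")


class MetadataRejected(Exception):
    """Raised when SP metadata must not be registered."""


def validate_acs(binding: str, location: str) -> str:
    """Accept an ACS endpoint only if both its binding and its Location are safe to use."""
    if binding not in ALLOWED_ACS_BINDINGS:
        raise MetadataRejected(f"unsupported ACS binding {binding!r}")
    if not location or _UNSAFE.search(location):
        raise MetadataRejected("ACS Location contains whitespace, quotes, angle brackets or control characters")
    url = urlparse(location)
    # Rejects javascript:, data:, scheme-relative and plain-http locations alike.
    if url.scheme != "https" or not url.netloc:
        raise MetadataRejected(f"ACS Location must be an absolute https URL, got {location!r}")
    if url.fragment:
        raise MetadataRejected("ACS Location must not carry a fragment")
    return location


def acs_endpoints(metadata_xml: bytes) -> list:
    """Parse SP metadata and return validated (binding, location) pairs.
    A production IdP would apply the same DOCTYPE rejection as for Responses first."""
    root = ET.fromstring(metadata_xml)
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise MetadataRejected("metadata has no SPSSODescriptor")
    endpoints = []
    for acs in sp.findall(f"{{{MD}}}AssertionConsumerService"):
        binding = acs.get("Binding", "")
        endpoints.append((binding, validate_acs(binding, acs.get("Location", ""))))
    if not endpoints:
        raise MetadataRejected("SPSSODescriptor declares no AssertionConsumerService")
    return endpoints


def registration_verdict(metadata_xml: bytes) -> str:
    """Convenience wrapper: 'accepted:<locations>' or 'rejected:<reason>'."""
    try:
        return "accepted:" + ",".join(loc for _, loc in acs_endpoints(metadata_xml))
    except MetadataRejected as exc:
        return "rejected:" + str(exc)


def sample_metadata(location: str, binding: str = HTTP_POST) -> bytes:
    """Constructed SP metadata (not taken from any real service provider)."""
    return (
        f'<md:EntityDescriptor xmlns:md="{MD}" entityID="https://sp.example.test/metadata">'
        '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        f'<md:AssertionConsumerService Binding="{binding}" Location="{location}" index="0"/>'
        "</md:SPSSODescriptor></md:EntityDescriptor>"
    ).encode()


if __name__ == "__main__":
    print(registration_verdict(sample_metadata("https://sp.example.test/acs")))
    print(registration_verdict(sample_metadata("javascript:alert(document.domain)")))
    print(registration_verdict(sample_metadata("http://sp.example.test/acs")))
    print(registration_verdict(sample_metadata(
        "https://sp.example.test/acs",
        binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")))
```

Even with this gate in place, the IdP should still HTML-escape the Location when it renders the POST form; validation at registration time and output encoding at render time are independent controls.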
CNNVD · added 2023/10/10 12:00 a.m.

Fortinet FortiOS Cross-Site Scripting Vulnerability

Fortinet FortiOS is the security operating system for the FortiGate network security platform from Fortinet (USA). The system provides users with firewall, antivirus, IPsec/SSL VPN, web content filtering, and anti-spam security features. A security vulnerability exists in Fortinet...

CVSS 5.4 · AI score 6.6 · EPSS 0.00343
Exploits 0 · References 3