308 matches found
The vulnerability of the SAML implementation for VPN remote access services in microprogramming network devices such as Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) allows a perpetrator to establish a VPN session on a vulnerable device.
The vulnerability of the SAML implementation for VPN remote access services in microprogramming network devices such as Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD is related to the absence of authentication procedures. Exploiting this vulnerability allows a...
PT-2024-40273 · Unknown · Simplesamlphp
Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions prior to 1.14.17 Description: A signature validation bypass issue has been found in the SimpleSAML XML Validator class, which performs the verification of the XML digital signature of a SAML 1 message with a given key...
Logpoint 安全漏洞
Logpoint is a network security application from Logpoint Denmark. A security vulnerability exists in Logpoint SAML Authentication prior to version 6.0.3, which stems from a faulty authentication and may result in an interrupted authentication login...
Mattermost 安全漏洞
Mattermost Server is the United States Mattermost company's set of open source messaging platform. Mattermost Server suffers from an Access Control Error vulnerability that can be exploited by an attacker to switch their authentication mail from SAML to email and potentially edit personal details...
PT-2024-5050 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.13.0 GitHub Enterprise Server version 3.9.15 GitHub Enterprise Server version 3.10.12 GitHub Enterprise Server version 3.11.10 GitHub Enterprise Server version 3.12.4 Description: An authentication...
HCL BigFix Platform 安全漏洞
HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix Platform that originates from ...
CVE-2024-2005
In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised ...
PT-2024-18535
Name of the Vulnerable Software and Affected Versions Blue Planet products through 22.12 Description A misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet has released software updates to address this issue...
GHSA-4M6J-23P2-8C54 Armeria SAML authentication bypass due to missing validation on unsigned SAML messages
Impact The SAML implementation provided by armeria-saml currently accepts unsigned SAML messages assertions, logout requests, etc. as they are, rather than rejecting them by default. As a result, an attacker can forge a SAML message to authenticate themselves, despite the fact that such an unsign...
CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...
Samly security breach
Samly is used to enable the Plug/Phoenix application via SAML. A security vulnerability exists in Samly versions prior to 1.4.0, which stems from the ability to return expired sessions, which can interfere with access control...
VulnCheck KEV: CVE-2024-22024
An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure 9.x, 22.x, Ivanti Policy Secure 9.x, 22.x and ZTA gateways which allows an attacker to access certain restricted resources without authentication...
Kantega SAML SSO OIDC Kerberos Security Vulnerability
Kantega SAML SSO OIDC Kerberos is an authentication plug-in from Kantega. A security vulnerability exists in Kantega SAML SSO OIDC Kerberos versions 4.4.2 through 4.14.8, 5.0.0 through 5.11.4, and 6.0.0 through 6.19.0, which stems from incorrect URL parameter cleanup that allows for HTML injectio...
OESA-2023-1833 open-vm-tools security update
The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...
CVE-2023-20264
A vulnerability in the implementation of Security Assertion Markup Language SAML 2.0 single sign-on SSO for remote access VPN in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to intercept the SAML...
USN-6463-1 open-vm-tools vulnerabilities
It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker Guest Operations privileges could possibly use this issue to escalate privileges. CVE-2023-34058 Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A...
SUSE CVE-2019-3878
A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...
PT-2023-7130 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to the implementation of Security Assertion Markup...
PT-2023-29649 · Saml · Saml
Name of the Vulnerable Software and Affected Versions: github.com/crewjam/saml versions prior to 0.4.14 Description: The package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the...
Fortinet FortiOS Cross-Site Scripting Vulnerability
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam security features. A security vulnerability exists in Fortinet...