295 matches found
Siemens Mendix SAML Module authorization issue vulnerability
The Mendix SAML module allows you to authenticate users in cloud applications using SAML. The module can communicate with any identity provider that supports SAML 2.0 or Shibboleth. An authentication bypass vulnerability exists in Siemens Mendix SAML, which can be exploited by an attacker to bypa...
ComponentSpace SAML trust management issue vulnerability
ComponentSpace SAML is ComponentSpace's SAML and OpenID solution for ASP.NET and ASP.NET Core. A trust management issue vulnerability exists in ComponentSpace SAML version 4.4.0, which stems from a lack of SSL certificate validation...
A vulnerability in the single sign-on module of the Mendix platform for developing, deploying and testing software applications allows an attacker to gain unauthorized access to the application.
A vulnerability in the SAML single sign-on module of the Mendix platform for developing, deploying and testing software applications is related to errors in the implementation of the authentication algorithm. Exploiting this vulnerability may allow a malicious actor to gain...
Siemens Mendix SAML Module authorization issue vulnerability
The Mendix SAML Module allows the use of SAML to authenticate users in cloud applications. The module can communicate with any identity provider that supports SAML 2.0 or Shibboleth. An authentication bypass vulnerability exists in Siemens Mendix SAML Module, which stems from inadequate validatio...
CVE-2023-23781
A stack-based buffer overflow vulnerability (CWE-121) in the SAML server configuration of FortiWeb version 7.0.1 and below, all 6.4 versions, and version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files...
SUSE CVE-2012-5351
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...
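The Axis2 entry above describes a signature exclusion attack: the consumer verifies a signature only when one is present, so stripping the ds:Signature element from the assertion turns "no verification" into "accepted". The block below is an added example, not code from Axis2 or from any product on this page: a constructed SAML Response, a vulnerable `naive_subject` beside a hardened `strict_subject`, and an IdP-side `sign_response` so the happy path and a tampered assertion can be checked too. It assumes a stand-in for XML-DSig: an HMAC-SHA256 over the canonicalised assertion under a constructed shared key (`IDP_KEY`), whereas a real service provider verifies an RSA XML-DSig against the identity provider's pinned certificate. All element and function names are this example's own; it needs Python 3.8+ for `xml.etree.ElementTree.canonicalize`.

```python
"""Added example (not code from any product on this page): a SAML consumer
must REQUIRE a signature on the assertion, not merely verify one when present.
The XML-DSig step is replaced by an HMAC-SHA256 over the canonicalised
assertion (a stand-in for the IdP's RSA signature); the XML is constructed."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET
from typing import Optional

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

IDP_KEY = b"demo-shared-secret"  # constructed stand-in for the IdP signing key

# Constructed sample: a Response whose Assertion carries no ds:Signature at all.
UNSIGNED_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def _assertion_digest_input(assertion: ET.Element) -> bytes:
    """Enveloped-signature transform + C14N: drop the Signature, canonicalise."""
    clone = copy.deepcopy(assertion)
    for sig in clone.findall("ds:Signature", NS):
        clone.remove(sig)
    return ET.canonicalize(ET.tostring(clone, encoding="unicode")).encode()


def _mac(assertion: ET.Element, key: bytes) -> str:
    return hmac.new(key, _assertion_digest_input(assertion), hashlib.sha256).hexdigest()


def sign_response(response_xml: str, key: bytes) -> str:
    """Act as the IdP: attach a ds:Signature that references the Assertion ID."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    sig = ET.Element(f"{{{NS['ds']}}}Signature")
    info = ET.SubElement(sig, f"{{{NS['ds']}}}SignedInfo")
    ET.SubElement(info, f"{{{NS['ds']}}}Reference", URI="#" + assertion.get("ID"))
    ET.SubElement(sig, f"{{{NS['ds']}}}SignatureValue").text = _mac(assertion, key)
    assertion.insert(0, sig)
    return ET.tostring(root, encoding="unicode")


def _signature_ok(sig: ET.Element, assertion: ET.Element, key: bytes) -> bool:
    """The signature must reference THIS assertion and its MAC must match."""
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + (assertion.get("ID") or ""):
        return False
    value = sig.findtext("ds:SignatureValue", default="", namespaces=NS)
    return hmac.compare_digest(value, _mac(assertion, key))


def naive_subject(response_xml: str, key: bytes) -> Optional[str]:
    """VULNERABLE pattern (signature exclusion): verify only if a signature exists.
    An assertion with its ds:Signature stripped is accepted without any check."""
    assertion = ET.fromstring(response_xml).find("saml:Assertion", NS)
    if assertion is None:
        return None
    sig = assertion.find("ds:Signature", NS)
    if sig is not None and not _signature_ok(sig, assertion, key):
        return None
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


def strict_subject(response_xml: str, key: bytes) -> Optional[str]:
    """Hardened: exactly one assertion, exactly one signature, and it must verify."""
    assertions = ET.fromstring(response_xml).findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return None
    assertion = assertions[0]
    sigs = assertion.findall("ds:Signature", NS)
    if len(sigs) != 1 or not _signature_ok(sigs[0], assertion, key):
        return None
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


if __name__ == "__main__":
    signed = sign_response(UNSIGNED_RESPONSE, IDP_KEY)
    print("naive, unsigned :", naive_subject(UNSIGNED_RESPONSE, IDP_KEY))  # alice (bypass)
    print("strict, unsigned:", strict_subject(UNSIGNED_RESPONSE, IDP_KEY))  # None
    print("strict, signed  :", strict_subject(signed, IDP_KEY))            # alice
    print("strict, forged  :", strict_subject(signed.replace("alice", "mallory"), IDP_KEY))  # None
```

The two consumers differ only in what they do when nothing is there to verify; `strict_subject` also pins the signature's Reference URI to the assertion it is about to trust, which is the same check that blocks signature wrapping, where a validly signed element is supplied alongside an unsigned one that the consumer actually reads.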
SUSE CVE-2017-5190
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile...
SUSE CVE-2022-23131
In instances where SAML SSO authentication is enabled (not the default), session data can be modified by a malicious actor because the user login stored in the session was not verified. An unauthenticated malicious actor may exploit this issue to escalate privileges and gain admin access to...
A vulnerability in the SAML implementation of the single sign-on module of the Mendix software development and application testing platform allows an attacker to gain access to protected information.
A vulnerability in the SAML implementation for application single sign-on in the Mendix software development and application testing platform relates to insufficient protection of the web page structure. Exploiting this vulnerability could allow a malicious actor to gain access to protected...
Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability
Users of multiple Zoho ManageEngine products are urgently advised to install the patch issued on October 27, 2022. The advice is urgent because on January 13, 2023 the Horizon3 Attack Team tweeted that proof-of-concept (PoC) code and a deep-dive blog post would be released within a week. Mitigation A lon...
VulnCheck KEV: CVE-2022-27518
Citrix Application Delivery Controller (ADC) and Gateway, when configured with a SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator...
CVE-2022-35842
An exposure of sensitive information to an unauthorized actor vulnerability (CWE-200) in FortiOS SSL-VPN version 7.2.0, versions 7.0.0 through 7.0.6 and versions 6.4.0 through 6.4.9 may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS...
Wire authorization issue vulnerability
Wire is a chat program from the German company Wire. The software supports the Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and has its own distinctive greeting method, PING. An authorization issue vulnerability exists in versions prior to Wire 4.19.0, whi...
Passport-SAML data forgery issue vulnerability
Passport-SAML is the SAML 2.0 authentication provider for Passport, the Node.js authentication library. Passport-SAML suffers from a data forgery vulnerability that allows a remote attacker to bypass SAML authentication on a website that uses passport-saml...
Elastic Cloud Enterprise log information disclosure vulnerability
Elastic Cloud Enterprise is a cloud platform from Elastic that makes it easy to deploy, operate, and scale the Elastic Stack in the cloud. A security vulnerability exists in Elastic Cloud Enterprise versions prior to 3.1.1, which stems from the disclosure of the SAML signature private key used for RBA...
CVE-2022-37011
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions o...
CVE-2022-20733
A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An...
Cisco Identity Services Engine Authentication Bypass Vulnerability
A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An...
Drupal trust management issue vulnerability
Drupal is an open source content management system developed in PHP by the Drupal community. A trust management issue vulnerability exists in Drupal SAML SP 2.0. An attacker can exploit the vulnerability to log in as any user of their choosing...
CVE-2022-31261
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker ca...