295 matches found
GHSA-GW5J-77F9-V2G2 Loop with Unreachable Exit Condition in Apache CXF
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service...
GHSA-66RX-GQX3-P98M Improper Authentication in Apache Axis2
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...
CVE-2022-26951
Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the...
PT-2022-13515 · Mattermost · Mattermost Server
Name of the Vulnerable Software and Affected Versions: Mattermost server versions up to and including 6.3.2 Description: A call stack overflow bug in the SAML login feature allows an attacker to crash the server by submitting a maliciously crafted POST body to the login endpoint. Recommendations:...
CVE-2022-26155
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body...
VulnCheck KEV: CVE-2022-23131
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML...
Apache Guacamole Authorization Issue Vulnerability
Apache Guacamole is a clientless remote desktop gateway from the Apache Foundation in the United States. The product supports protocols such as VNC, RDP, and SSH. A security vulnerability exists in Apache Guacamole 1.2.0 and 1.3.0, which stems from the failure of Apache Guacamole 1.2.0 and 1.3.0 ...
What is SAML authentication? How does it work?
Enterprises using various business apps have a tough time maintaining data secrecy and role-based access grants throughout the infrastructure landscape. SAML (Security Assertion Markup Language) is a great aid on this front. Let’s see what it is, how it works, what are its...
CVE-2021-41030
An authentication bypass by capture-replay vulnerability (CWE-294) in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages...
The vulnerability of the SAML (Security Assertion Markup Language) implementation of the IBM Data Risk Manager application, which allows attackers to bypass security mechanisms for identifying, analyzing, and visualizing business risks.
The vulnerability of the SAML (Security Assertion Markup Language) implementation of the IBM Data Risk Manager application, which is used for identifying, analyzing, and visualizing business risks, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow...
Palo Alto Networks PAN-OS Buffer Error Vulnerability
A memory corruption vulnerability exists in Palo Alto Networks PAN-OS, an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A problem with the software memory handling leads to a memory corruption vulnerability, which allows an authenticated attacker to execute...
VulnCheck KEV: CVE-2020-4427
IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication...
PT-2021-7256 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE) (affected versions not specified) Description: A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access a...
PT-2021-18096 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9 and below Description: The issue allows a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account through an XML Signature Wrapping Attack. It is...
DRUPAL-CONTRIB-2021-036
This module provides a solution to authenticate visitors using existing SAML providers. Certain non-default configurations allow a malicious user to log in as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" an...
CVE-2021-37154
In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion...
Palo Alto Networks PAN-OS Authorization Issue Vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security vulnerability exists in the Palo Alto Networks PAN-OS software that allows a SAML-authenticated attacker to impersonate any other user in the GlobalProtect portal and...
CVE-2021-22920
A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a...
CVE-2021-22927
A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured as a SAML service provider that could allow an attacker to hijack a session...
lasso: XML signature wrapping vulnerability when parsing SAML responses
An XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability...