Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-6292

Malware in sbrugna...

10CVSS9.5AI score0.34593EPSS
Exploits0References2
OSV
OSV
added 2022/05/13 1:7 a.m.15 views

GHSA-Q4Q2-93PW-QWGF Issuer validation regression in Spring Cloud SSO Connector

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

8.1CVSS7.9AI score0.01589EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:7 a.m.21 views

Issuer validation regression in Spring Cloud SSO Connector

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

8.1CVSS6.8AI score0.01589EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/05/07 4:22 p.m.18 views

CVE-2018-1256

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

8.1CVSS8.2AI score0.01589EPSS
Exploits0References1
CVE
CVE
added 2018/05/07 3:0 p.m.55 views

CVE-2018-1256

CVE-2018-1256 relates to Spring Cloud SSO Connector 2.1.2, where a regression disables issuer validation in resource servers not bound to the SSO service. In PCF environments with multiple SSO service plans, an attacker could authenticate against unbound resource servers using tokens from another...

8.1CVSS7.9AI score0.01589EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/01/20 12:29 a.m.25 views

CVE-2017-14803

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system...

10CVSS9.6AI score0.34593EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/01/20 12:0 a.m.31 views

CVE-2017-14803

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system...

9.6AI score0.34593EPSS
Exploits0References1
Rows per page
Query Builder