14 matches found

Cloud Foundry
added 2026/06/11 12:0 a.m., 5 views

CVE-2026-41005 - UAA accepts SAML Encrypted Assertions authentication bypass | Cloud Foundry

Severity: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 9.0 / Critical; CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H 9.5 / Critical
Vendor: CloudFoundry Foundation
Description: Cloud Foundry UAA versions v2.0.0 through v78.13.0 incorrectly treated XML encryption to the Service...

CVSS 9 | AI score 5.4 | EPSS 0.00131
Exploits 0

RedhatCVE
added 2026/06/05 7:14 p.m., 7 views

CVE-2026-22734

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

CVSS 8.6 | AI score 5.5 | EPSS 0.00364
Exploits 0 | References 1

CNNVD
added 2026/04/17 12:0 a.m., 8 views

Cloud Foundry cf-deployment and Cloud Foundry UUA security vulnerability

Cloud Foundry cf-deployment and Cloud Foundry UUA are both products of the American Cloud Foundry Foundation. Cloud Foundry cf-deployment is a Cloud Foundry deployment tool. Cloud Foundry UUA is an identity authentication and authorization management service. There are security vulnerabilities in...

CVSS 8.6 | AI score 5.9 | EPSS 0.00364
Exploits 0 | References 1

Vulnrichment
added 2026/04/16 11:33 p.m., 2 views

CVE-2026-22734 Cloud Foundry UAA SAML 2.0 Signature Bypass

Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...

CVSS 8.6 | AI score 5.8 | EPSS 0.00364
Exploits 0 | References 1

CVE
added 2026/04/16 11:33 p.m., 26 views

CVE-2026-22734

The CVE-2026-22734 issue concerns a SAML 2.0 signature/encryption bypass in Cloud Foundry UUA/UAA. Affected software includes Cloud Foundry UUA from v77.30.0 to v78.7.0 and CF Deployment from v48.7.0 to v54.14.0, where UAA accepts unsigned/unencrypted SAML 2.0 bearer assertions, enabling an attac...

CVSS 8.6 | AI score 5.8 | EPSS 0.00364
Exploits 0 | References 1

RedhatCVE
added 2026/02/04 7:27 p.m., 5 views

CVE-2026-1568

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full account takeover. The...

CVSS 9.6 | AI score 5.4 | EPSS 0.00142
Exploits 0 | References 1

NVD
added 2026/02/03 5:15 p.m., 5 views

CVE-2026-1568

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full account takeover. The...

CVSS 9.6 | EPSS 0.00142
Exploits 0 | References 1

Vulnrichment
added 2026/02/03 4:47 p.m., 4 views

CVE-2026-1568 Rapid7 InsightVM Signature Validation Vulnerability

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full account takeover. The...

CVSS 9.6 | AI score 5.4 | EPSS 0.00142
Exploits 0 | References 1

Cvelist
added 2026/02/03 4:47 p.m., 28 views

CVE-2026-1568 Rapid7 InsightVM Signature Validation Vulnerability

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full account takeover. The...

CVSS 9.6 | EPSS 0.00142
Exploits 0 | References 1

EUVD
added 2026/02/03 4:47 p.m., 6 views

EUVD-2026-5244

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full account takeover. The...

CVSS 9.6 | AI score 5.4 | EPSS 0.00142
Exploits 0 | References 1

ATTACKERKB
added 2026/02/03 4:47 p.m., 6 views

CVE-2026-1568

Rapid7 InsightVM versions before 8.34.0 contain a signature verification issue on the Assertion Consumer Service (ACS) cloud endpoint that could allow an attacker to gain unauthorized access to InsightVM accounts set up via "Security Console" installations, resulting in full account takeover. The...

CVSS 9.6 | AI score 5.4 | EPSS 0.00142
Exploits 0 | References 2

Veracode
added 2025/12/19 10:19 a.m., 7 views

Authentication Bypass

Node-SAML is vulnerable to an Authentication Bypass. The vulnerability is due to loading assertions from the unsigned original SAML response instead of the signature-verified data, allowing attackers to modify authentication details within a valid assertion, such as altering the username, and...

CVSS 9.3 | AI score 6.8 | EPSS 0.00405
Exploits 0 | References 4 | Affected Software 2

OSV
added 2021/06/02 3:15 a.m., 4 views

USN-4974-1 lasso vulnerability

It was discovered that Lasso did not properly verify that all assertions in a SAML response were properly signed. An attacker could possibly use this to impersonate users or otherwise bypass access controls...

CVSS 7.5 | AI score 7.1 | EPSS 0.01325
Exploits 0 | References 2

OSV
added 2018/02/02 3:29 p.m., 1 view

DEBIAN-CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...

CVSS 8.1 | AI score 9.5 | EPSS 0.01119
Exploits 0 | References 1