2 matches found
CVE-2024-41107
CVE-2024-41107 — Apache CloudStack: SAML Signature Exclusion
Root cause: CloudStack’s SAML authentication can bypass signature checks when SAML is enabled, allowing spoofed, unsigned SAML responses to authenticate as a legitimate SAML-enabled user.
Impact: In affected environments, an attacker ca...
CVE-2022-35741
CVE-2022-35741 affects Apache CloudStack 4.5.0 and later, specifically the SAML 2.0 authentication Service Provider plugin. The vulnerability is an XML External Entity (XXE) injection in the XML-based SAML messages parsed during authentication. Attacker must have the plugin enabled (not en...