Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ShibbolethService Provider

2 matches found

CVE
CVEadded 2021/03/22 8:15 a.m.49 views

CVE-2021-28963

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.

5.3CVSS5.3AI score0.00488EPSS
CVE
CVEadded 2021/04/27 4:15 a.m.45 views

CVE-2021-31826

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.

7.5CVSS7.3AI score0.01478EPSS