Saml2 Security Vulnerabilities and Issues — Saml2 CVE List

Lucene search

SimplesamlphpSaml2

3 matches found

CVE•added 2025/03/11 7:15 p.m.•54 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accep...

8.6CVSS6.9AI score0.00052EPSS

CVE•added 2024/12/02 5:15 p.m.•53 views

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.

8.3CVSS8.2AI score0.00108EPSS

CVE•added 2018/03/05 10:29 p.m.•50 views

CVE-2018-7711

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP func...

8.1CVSS7.8AI score0.0022EPSS