Skip to main content

Picketlink

3 CVEs product

Monthly

CVE-2015-3158 Maven MEDIUM PATCH This Month

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Privilege Escalation Java Picketlink
NVD GitHub
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-6254 MEDIUM This Month

The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Picketlink
NVD
CVSS 2.0
6.0
EPSS
0.7%
CVE-2015-0277 MEDIUM This Month

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Picketlink
NVD
CVSS 2.0
6.0
EPSS
0.5%
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Tomcat Privilege Escalation Java +1
NVD GitHub
EPSS 1% CVSS 6.0
MEDIUM This Month

The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Picketlink
NVD
EPSS 1% CVSS 6.0
MEDIUM This Month

The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Picketlink
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy