Skip to main content

Saml

16 CVEs product

Monthly

CVE-2023-45683 Go MEDIUM PATCH This Month

github.com/crewjam/saml is a saml library for the go language. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Saml
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29129 CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Saml
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-45597 CRITICAL Act Now

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saml
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28119 Go HIGH PATCH This Week

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Saml
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25957 HIGH This Week

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Saml
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-41912 Go CRITICAL PATCH Act Now

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Saml
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-44457 CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Saml
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-37011 CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Saml
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-32286 MEDIUM This Month

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Saml
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-32285 HIGH This Week

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Saml
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-21678 Maven HIGH PATCH This Week

Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Saml
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-36786 PHP HIGH PATCH This Week

The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saml
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-36785 PHP MEDIUM PATCH This Month

The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Saml
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33712 HIGH This Week

A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Saml
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-27846 Go CRITICAL POC PATCH Act Now

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Grafana Saml Openshift Container Platform Openshift Service Mesh +2
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2018-1000602 Maven MEDIUM PATCH This Month

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Session Fixation Jenkins Authentication Bypass Saml
NVD
CVSS 3.0
5.9
EPSS
0.9%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

github.com/crewjam/saml is a saml library for the go language. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Saml
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Saml
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saml
NVD VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Saml
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Saml
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Saml
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Saml
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Saml
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Saml
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Saml
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Saml
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saml
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Saml
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Saml
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Grafana Saml +4
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Session Fixation Jenkins +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy