Skip to main content

Saml2

7 CVEs product

Monthly

CVE-2023-49087 PHP HIGH POC PATCH This Week

xml-security is a library that implements XML signatures and encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Saml2 Xml Security
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-41890 NuGet HIGH PATCH This Week

Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Saml2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-5268 NuGet HIGH PATCH This Week

In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Saml2
NVD GitHub
CVSS 3.1
7.3
EPSS
1.1%
CVE-2020-5261 NuGet MEDIUM PATCH This Month

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Saml2
NVD GitHub
CVSS 3.1
6.8
EPSS
1.2%
CVE-2018-7711 PHP HIGH PATCH This Week

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure PHP Simplesamlphp Saml2 +1
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-6519 PHP HIGH PATCH This Week

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Saml2 Debian Linux
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-9814 PHP CRITICAL PATCH Act Now

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Simplesamlphp Saml2
NVD
CVSS 3.0
9.1
EPSS
0.8%
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

xml-security is a library that implements XML signatures and encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Saml2 Xml Security
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Saml2
NVD GitHub
EPSS 1% CVSS 7.3
HIGH PATCH This Week

In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Saml2
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Saml2
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure PHP +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Saml2 Debian Linux
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Simplesamlphp Saml2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy