9.8

CVE-2022-45597

EPSS 0.21%
Veröffentlicht 24.03.2023 23:15:06
Zuletzt bearbeitet 21.11.2024 07:29:28
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Componentspace ≫ Saml Version4.4.0 SwPlatformasp.net

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.433

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://componentspace.com

Product

http://componentspacesaml2.com

Broken Link

https://www.componentspace.com/documentation/saml-for-asp-net-core/ComponentSpace%20SAML%20for%20ASP.NET%20Core%20Release%20Notes.pdf

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2022-45597

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45597

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45597

EUVD