- EPSS 0.45%
- Veröffentlicht 26.08.2015 19:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted appl...
- EPSS 0.7%
- Veröffentlicht 17.08.2015 20:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows r...
- EPSS 0.53%
- Veröffentlicht 17.08.2015 20:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. ...