Pysaml2 Project

Pysaml2

7 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 0.14%
  • Published 21.01.2021 15:15:14
  • Last modified 21.11.2024 05:47:50

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnera...

Exploit
  • EPSS 2.06%
  • Published 21.01.2021 15:15:14
  • Last modified 21.11.2024 05:47:50

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify sign...

  • EPSS 0.76%
  • Published 13.01.2020 19:15:12
  • Last modified 21.11.2024 05:34:02

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be...
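The following is an added example, not pysaml2's own code, of the structural check this entry describes: before the signature value is verified at all, confirm that the ds:Signature is enveloped, i.e. that it is a direct child of the element whose ID its Reference URI points at, and that this ID occurs exactly once in the document. The three SAML documents (a legitimate response, a wrapped response and a duplicate-ID response), the element IDs and the user names are constructed for illustration; cryptographic verification of the SignatureValue is a separate step that this code does not perform.

```python
"""Added example (not pysaml2 code): structural enveloped-signature check
against XML Signature Wrapping. Signature value verification (xmlsec1 or
equivalent) must still run afterwards; this only pins down which element
that verification covers."""
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"


class SignatureWrappingError(Exception):
    pass


def check_enveloped_signature(xml_bytes: bytes) -> str:
    """Return the ID of the signed element, or raise SignatureWrappingError."""
    root = ET.fromstring(xml_bytes)
    # ElementTree has no parent pointers, so build a child -> parent map.
    parent_of = {child: parent for parent in root.iter() for child in parent}

    signatures = list(root.iter(DS + "Signature"))
    if len(signatures) != 1:
        raise SignatureWrappingError(
            f"expected exactly one ds:Signature, found {len(signatures)}")
    sig = signatures[0]

    refs = sig.findall(f"{DS}SignedInfo/{DS}Reference")
    if len(refs) != 1:
        raise SignatureWrappingError(
            f"expected exactly one ds:Reference, found {len(refs)}")
    uri = refs[0].get("URI", "")
    if not uri.startswith("#") or len(uri) < 2:
        raise SignatureWrappingError(
            f"Reference URI {uri!r} is not a same-document ID reference")
    signed_id = uri[1:]

    # Wrapping payloads often carry the signed ID twice; insist on a unique match.
    matches = [e for e in root.iter() if e.get("ID") == signed_id]
    if len(matches) != 1:
        raise SignatureWrappingError(
            f"ID {signed_id!r} matches {len(matches)} elements, expected 1")
    signed_elem = matches[0]

    # Enveloped means the signature sits inside the element it signs.
    if parent_of.get(sig) is not signed_elem:
        raise SignatureWrappingError(
            "ds:Signature is not a child of the element its Reference points at")
    return signed_id


def is_enveloped(xml_bytes: bytes) -> bool:
    try:
        check_enveloped_signature(xml_bytes)
        return True
    except (SignatureWrappingError, ET.ParseError):
        return False


# Constructed sample documents (not real IdP output).
NS_DECL = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
           'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"')


def signature(ref_id: str) -> str:
    return (f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{ref_id}"/>'
            f'</ds:SignedInfo><ds:SignatureValue>c2ln</ds:SignatureValue>'
            f'</ds:Signature>')


def assertion(aid: str, name: str) -> str:
    return (f'<saml:Assertion ID="{aid}"><saml:Subject><saml:NameID>{name}'
            f'</saml:NameID></saml:Subject></saml:Assertion>')


# Legitimate: the Signature is a child of the Response whose ID it references.
LEGIT = (f'<samlp:Response {NS_DECL} ID="_r1">{signature("_r1")}'
         f'{assertion("_a1", "alice")}</samlp:Response>').encode()

# Wrapped: the signed original Response is moved into samlp:Extensions of a
# forged outer Response that now carries the Signature and a new Assertion.
WRAPPED = (f'<samlp:Response {NS_DECL} ID="_forged">{signature("_r1")}'
           f'{assertion("_a2", "admin")}<samlp:Extensions>'
           f'<samlp:Response ID="_r1">{assertion("_a1", "alice")}</samlp:Response>'
           f'</samlp:Extensions></samlp:Response>').encode()

# Duplicate ID: the signed ID is copied onto an unsigned nested element.
DUPLICATE_ID = (f'<samlp:Response {NS_DECL} ID="_r1">{signature("_r1")}'
                f'{assertion("_a2", "admin")}<samlp:Extensions>'
                f'<samlp:Response ID="_r1">{assertion("_a1", "alice")}'
                f'</samlp:Response></samlp:Extensions></samlp:Response>').encode()
```

Run the check before handing the document to the signature backend, and feed the backend only the element whose ID was returned; verifying the signature first and then picking any element with a matching ID is the ordering that makes wrapping work.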

  • EPSS 2.08%
  • Published 02.01.2018 23:29:00
  • Last modified 21.11.2024 03:04:44

pysaml2 version 4.4.0 and older accept any password when run with Python optimizations enabled (the -O flag or the PYTHONOPTIMIZE environment variable). This allows attackers to log in as any user without knowing their password.
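The following is an added example, not pysaml2's own code, of how a password check can disappear under Python optimizations: the -O flag removes every assert statement at compile time, so a credential check expressed as an assert becomes a no-op and the function returns success for any user and password. The vulnerable verify function below is a constructed illustration of that pattern, not a copy of the pysaml2 IdP code; compile(optimize=1) is used to reproduce the -O behaviour inside a normal interpreter, and the PASSWD table is constructed sample data.

```python
"""Added example (not pysaml2 code): an assert-based password check is
stripped under -O / PYTHONOPTIMIZE; compile(optimize=1) reproduces that
in-process so both variants can be compared side by side."""
import hmac

# Constructed user table; plaintext only to keep the demonstration short.
PASSWD = {"alice": "correct horse", "bob": "battery staple"}

# Vulnerable pattern: the only check is an assert, which -O removes entirely.
VULNERABLE_SRC = '''
def verify(username, password):
    try:
        assert PASSWD[username] == password   # gone under -O
        return True, username
    except (KeyError, AssertionError):
        return False, ""
'''

# Hardened pattern: an explicit branch that survives optimization, with a
# constant-time comparison so timing does not leak the expected value.
HARDENED_SRC = '''
def verify(username, password):
    expected = PASSWD.get(username)
    if expected is None:
        return False, ""
    if not hmac.compare_digest(expected.encode(), password.encode()):
        return False, ""
    return True, username
'''


def load_verify(src: str, optimize: int):
    """Compile `src` with the given optimization level (0 = as written,
    1 = like python -O) and return its verify() function."""
    namespace = {"PASSWD": PASSWD, "hmac": hmac}
    code = compile(src, "<idp>", "exec", optimize=optimize)
    exec(code, namespace)
    return namespace["verify"]


def accepted(src: str, optimize: int, username: str, password: str) -> bool:
    """True if the compiled verify() accepts the credential pair."""
    return load_verify(src, optimize)(username, password)[0]


def demo() -> dict:
    """Outcome of a wrong password for alice under each variant and level."""
    results = {}
    for name, src in (("vulnerable", VULNERABLE_SRC), ("hardened", HARDENED_SRC)):
        for optimize in (0, 1):
            results[(name, optimize)] = accepted(src, optimize, "alice", "wrong")
    return results


if __name__ == "__main__":
    for (name, optimize), ok in sorted(demo().items()):
        print(f"{name:10s} optimize={optimize}: wrong password accepted={ok}")
```

The hardened variant also rejects unknown users rather than relying on a KeyError, which in the vulnerable variant is never raised under -O because the assert (and with it the dictionary lookup) is no longer executed.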

  • EPSS 0.12%
  • Published 17.11.2017 04:29:00
  • Last modified 20.04.2025 01:37:25

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
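The following is an added example, not pysaml2's own code, of what IV reuse under a single key costs. The standard library has no AES, so the keystream here is HMAC-SHA256 run in counter mode, a standard PRF-based stream construction; the attack shown (two ciphertexts under the same key and IV XOR to the XOR of their plaintexts, so one known plaintext reveals the other) applies unchanged to AES-CTR and AES-GCM. For CBC mode, which a block-cipher IdP is more likely to use, a repeated IV instead leaks how many leading blocks two plaintexts share and enables chosen-plaintext attacks; leaked_common_prefix() below shows the byte-level version of that leak. The key, the fixed IV and the two session payloads are constructed sample data.

```python
"""Added example (not pysaml2 code): consequences of reusing an IV under
one key, using an HMAC-SHA256 counter-mode keystream in place of AES."""
import hashlib
import hmac
import os


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Concatenate PRF(key, iv || counter) blocks until `length` bytes."""
    blocks = []
    total = 0
    counter = 0
    while total < length:
        block = hmac.new(key, iv + counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        blocks.append(block)
        total += len(block)
        counter += 1
    return b"".join(blocks)[:length]


def xor(a: bytes, b: bytes) -> bytes:
    """XOR up to the shorter input's length."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Stream encryption; decryption is the same call. The IV must never
    repeat under the same key, which is exactly the property the IdP lost."""
    return xor(plaintext, keystream(key, iv, len(plaintext)))


def recover_with_known_plaintext(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """With a shared key and IV, c1 ^ c2 == p1 ^ p2, so an attacker who
    knows p1 (for example their own session) gets p2 = c1 ^ c2 ^ p1."""
    return xor(xor(c1, c2), p1)


def leaked_common_prefix(c1: bytes, c2: bytes) -> int:
    """Number of leading bytes two ciphertexts share; under a reused IV this
    equals the plaintexts' common prefix length."""
    n = 0
    for x, y in zip(c1, c2):
        if x != y:
            break
        n += 1
    return n


# Constructed sample data.
KEY = os.urandom(32)
FIXED_IV = b"\x00" * 16                              # the bug: one IV for all
P_ATTACKER = b'{"user":"mallory","role":"user"}'     # attacker's own session
P_VICTIM = b'{"user":"alice","role":"admin"}'        # victim's session


def demo_fixed_iv() -> bytes:
    """Both sessions encrypted under the same key and IV; returns what the
    attacker recovers of the victim's plaintext."""
    c_attacker = encrypt(KEY, FIXED_IV, P_ATTACKER)
    c_victim = encrypt(KEY, FIXED_IV, P_VICTIM)
    return recover_with_known_plaintext(c_attacker, c_victim, P_ATTACKER)


def demo_fresh_iv() -> bytes:
    """Same attack with a random IV per message; the result is noise."""
    c_attacker = encrypt(KEY, os.urandom(16), P_ATTACKER)
    c_victim = encrypt(KEY, os.urandom(16), P_VICTIM)
    return recover_with_known_plaintext(c_attacker, c_victim, P_ATTACKER)


if __name__ == "__main__":
    print("fixed IV :", demo_fixed_iv())
    print("fresh IV :", demo_fresh_iv())
```

The fix is the same in every mode: draw a fresh random IV (or a never-repeating counter for CTR/GCM) per message, transmit it alongside the ciphertext, and authenticate both with a MAC or an AEAD mode rather than relying on unauthenticated encryption.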

  • EPSS 1.77%
  • Published 24.03.2017 14:59:00
  • Last modified 20.04.2025 01:37:25

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

  • EPSS 0.78%
  • Published 03.03.2017 15:59:00
  • Last modified 20.04.2025 01:37:25

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
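The following is an added example, not pysaml2's own code, of the parser-level guard that stops the XXE attacks described in this entry and the one above: with the expat parser from the standard library, install handlers that reject any DOCTYPE, any entity declaration and any external entity reference before the parser can act on them, in the same spirit as a DTD-forbidding parser wrapper. The benign SAML response and the crafted response carrying a file:///etc/passwd entity are constructed sample documents; nothing is read from disk.

```python
"""Added example (not pysaml2 code): parse SAML XML with expat while
refusing DOCTYPE, entity declarations and external entity references."""
import xml.parsers.expat


class ForbiddenDTD(ValueError):
    """Raised as soon as the document tries to declare or use entities."""


def parse_saml_strict(xml_bytes: bytes) -> list:
    """Return the list of (tag, attributes) start-element events, or raise
    ForbiddenDTD before any entity could be expanded or fetched."""
    events = []
    parser = xml.parsers.expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        # Fires before the internal subset is parsed, so the ENTITY
        # declaration in the payload is never even seen.
        raise ForbiddenDTD(f"DOCTYPE {name!r} not allowed in SAML messages")

    def reject_entity(name, is_parameter, value, base, sysid, pubid, notation):
        raise ForbiddenDTD(f"entity declaration {name!r} not allowed")

    def reject_external(context, base, sysid, pubid):
        # Defence in depth: never resolve an external entity, whatever the
        # DOCTYPE handler did.
        raise ForbiddenDTD(f"external entity {sysid!r} not fetched")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external
    parser.StartElementHandler = lambda tag, attrs: events.append((tag, dict(attrs)))
    parser.Parse(xml_bytes, True)
    return events


def is_safe_saml(xml_bytes: bytes) -> bool:
    """True if the document parses without any DTD or entity usage."""
    try:
        parse_saml_strict(xml_bytes)
        return True
    except (ForbiddenDTD, xml.parsers.expat.ExpatError):
        return False


# Constructed sample: an ordinary successful Response.
BENIGN_RESPONSE = b'''<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_ok">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
</samlp:Response>'''

# Constructed sample: classic XXE payload. A parser that resolves the entity
# would splice /etc/passwd into the Status element and, if the application
# echoes parse errors or the element back, disclose it to the attacker.
XXE_RESPONSE = b'''<?xml version="1.0"?>
<!DOCTYPE samlp:Response [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_x">
  <samlp:Status>&xxe;</samlp:Status>
</samlp:Response>'''


if __name__ == "__main__":
    print("benign :", is_safe_saml(BENIGN_RESPONSE))
    print("xxe    :", is_safe_saml(XXE_RESPONSE))
```

SAML messages never legitimately need a DTD, so rejecting the DOCTYPE outright (rather than trying to filter entity kinds) is the right policy; it also closes internal-entity expansion attacks such as billion laughs, which the same handler catches before any expansion.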