exploitDog

CVE-2015-3158

Published: 26 Aug 2015
Source: nvd
CVSS2: 4
EPSS: Low

Description

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.

Vulnerable configurations

Configuration 1
cpe:2.3:a:picketlink:picketlink:*:cr3:*:*:*:*:*:*
Versions up to and including 2.7.0

EPSS

Percentile: 63%
0.00447
Low

4 Medium

CVSS2

Weaknesses

CWE-264

Related vulnerabilities

redhat
more than 10 years ago

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.

github
more than 3 years ago

PicketLink does not properly check role based authorization
