Description
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.
References
Vulnerable configurations
Configuration 1: versions up to 4.18.3.0 (inclusive)
cpe:2.3:a:adnovum:nevisauth:*:*:*:*:*:*:*:*
EPSS
Percentile: 42%
0.00196
Low
5 Medium
CVSS2
Weaknesses
CWE-287
Related vulnerabilities
github
more than 3 years ago
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.