Description
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match the SAML AudienceRestriction values in a received token against the relying party's configured audience URIs. A remote attacker who holds a SAML token carrying a trusted signature but scoped to a different audience can therefore present it to an application it was not issued for, bypassing the intended restriction, with unspecified further impact.
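The missing check is straightforward to state but has two SAML-specific rules worth getting right: a token may carry several AudienceRestriction elements (all must be satisfied), each may list several Audience URIs (any one may match), and SAML 1.1 tokens, which a WS-Federation plugin like Fediz also consumes, name the element AudienceRestrictionCondition. The following is an added example and not Fediz's own code; the sample assertions, the relying-party audience URIs and the `signature_trusted` input are constructed for illustration, and the signature and issuer validation that precedes this step is assumed to have already run.

```python
"""Audience-restriction check for SAML 1.1 / 2.0 assertions (added example).

A relying party must compare the token's AudienceRestriction values with its
own configured audience URIs.  A trusted issuer signature alone proves only
who minted the token, not which application it was minted for, because the
same identity provider signs tokens for every application it federates.
"""
import xml.etree.ElementTree as ET

# Namespaces for the two assertion flavours a WS-Federation RP can receive.
SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"   # also used by SAML 1.1

# (namespace, restriction element name) pairs; SAML 1.x names it differently.
_RESTRICTION_TAGS = (
    (SAML2_NS, "AudienceRestriction"),
    (SAML1_NS, "AudienceRestrictionCondition"),
)


def audience_restrictions(assertion_xml: bytes) -> list[list[str]]:
    """Return one list of Audience URIs per restriction element found.

    Per the SAML core spec, restrictions are ANDed and the Audience values
    inside one restriction are ORed, so the caller must satisfy every list.
    For untrusted input in production, parse with defusedxml instead.
    """
    root = ET.fromstring(assertion_xml)
    restrictions = []
    for ns, tag in _RESTRICTION_TAGS:
        for ar in root.iter(f"{{{ns}}}{tag}"):
            uris = [(a.text or "").strip() for a in ar.findall(f"{{{ns}}}Audience")]
            restrictions.append(uris)
    return restrictions


def validate_audience(assertion_xml: bytes, configured_audiences: set[str],
                      require_restriction: bool = True) -> tuple[bool, str]:
    """Accept only if every AudienceRestriction names one of our audience URIs.

    Comparison is exact string equality; normalising (case folding, trailing
    slashes) would only widen what is accepted.  A token with no restriction
    at all is rejected by default, since it was not scoped to this RP.
    """
    restrictions = audience_restrictions(assertion_xml)
    if not restrictions:
        if require_restriction:
            return False, "assertion carries no AudienceRestriction"
        return True, "no AudienceRestriction present; accepted by policy"
    for uris in restrictions:
        if not any(u in configured_audiences for u in uris):
            return False, f"audiences {uris} include none of {sorted(configured_audiences)}"
    return True, "audience matched"


def accept_token(assertion_xml: bytes, signature_trusted: bool,
                 configured_audiences: set[str], check_audience: bool = True) -> tuple[bool, str]:
    """Token decision; check_audience=False reproduces the vulnerable behaviour
    (trusted signature is sufficient).  signature_trusted is assumed to come
    from the signature/issuer validation that runs before this step."""
    if not signature_trusted:
        return False, "signature not trusted"
    if not check_audience:                      # pre-fix behaviour stops here
        return True, "signature trusted (audience ignored)"
    return validate_audience(assertion_xml, configured_audiences)


# Constructed sample assertions (signatures omitted; assume they verified).
TOKEN_FOR_APP_A = b"""<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2016-06-01T00:00:00Z">
  <saml2:Issuer>https://idp.example.org/</saml2:Issuer>
  <saml2:Conditions>
    <saml2:AudienceRestriction>
      <saml2:Audience>https://app-a.example.com/fedservlet</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""

# Same IdP, same trusted signature, but issued to a different application.
TOKEN_FOR_APP_B = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_b1"
    Issuer="https://idp.example.org/" IssueInstant="2016-06-01T00:00:00Z">
  <saml:Conditions>
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://app-b.example.com/fedservlet</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
</saml:Assertion>"""

TOKEN_NO_RESTRICTION = b"""<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c1" Version="2.0" IssueInstant="2016-06-01T00:00:00Z">
  <saml2:Issuer>https://idp.example.org/</saml2:Issuer>
  <saml2:Conditions/>
</saml2:Assertion>"""

RP_A_AUDIENCES = {"https://app-a.example.com/fedservlet"}

if __name__ == "__main__":
    for name, tok in (("app-a token", TOKEN_FOR_APP_A), ("app-b token", TOKEN_FOR_APP_B),
                      ("unscoped token", TOKEN_NO_RESTRICTION)):
        print(f"{name:15} vulnerable: {accept_token(tok, True, RP_A_AUDIENCES, check_audience=False)}")
        print(f"{name:15} fixed:      {accept_token(tok, True, RP_A_AUDIENCES)}")
```

Running it shows the token issued to app-b being accepted by app-a on the strength of the signature alone in the vulnerable path and rejected once the audience is compared; the unscoped token is rejected unless the relying party explicitly opts to accept tokens without an AudienceRestriction.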
References
- Mitigation (Vendor Advisory)
- Mailing List (Third Party Advisory)
Vulnerable configurations
Configuration 1
One of:
cpe:2.3:a:apache:cxf_fediz:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf_fediz:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf_fediz:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf_fediz:1.3.0:*:*:*:*:*:*:*
EPSS
Score: 0.02058 (percentile: 84%), rating: Low
CVSS v3: 9.8 Critical
CVSS v2: 7.5 High
Weaknesses
CWE-284 (Improper Access Control)
Related vulnerabilities
github
more than 7 years ago
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2