Description
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
References
- Issue Tracking, Patch, Third Party Advisory
- Mailing List, Third Party Advisory
- Patch, Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
Versions from 1.7.0 (inclusive) to 1.14.10 (inclusive)
cpe:2.3:a:simplesamlphp:simplesamlphp:*:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
EPSS: 0.00725 (Low), percentile: 72%
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-384
Related vulnerabilities
CVSS3: 9.8
ubuntu
more than 8 years ago
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
CVSS3: 9.8
debian
more than 8 years ago
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain se ...
CVSS3: 9.8
github
about 6 years ago
Incorrect persistent NameID generation in SimpleSAMLphp