Описание
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- Permissions Required
- ExploitTechnical DescriptionThird Party Advisory
- Permissions Required
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:topdesk:topdesk:12.10.12:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00273
Низкий
8.1 High
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 8.1
github
больше 2 лет назад
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.
EPSS
Процентиль: 50%
0.00273
Низкий
8.1 High
CVSS3
Дефекты
CWE-863