Description
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures).
A flaw was found in the OpenSAML C++ library. This vulnerability allows forging signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Logging Subsystem for Red Hat OpenShift | opensaml-core | Fix deferred | | |
Red Hat build of Apache Camel 4 for Quarkus 3 | quarkus-camel-bom | Not affected | | |
Red Hat build of Apache Camel 4 for Quarkus 3 | quarkus-cxf-bom | Not affected | | |
Red Hat build of Apache Camel for Spring Boot 4 | opensaml-core | Not affected | | |
Red Hat Fuse 7 | opensaml-core | Not affected | | |
Red Hat Integration Camel K 1 | opensaml-core | Fix deferred | | |
Red Hat JBoss Enterprise Application Platform 7 | opensaml-core | Fix deferred | | |
Red Hat JBoss Enterprise Application Platform 8 | opensaml-core | Fix deferred | | |
Red Hat JBoss Enterprise Application Platform 8 | org.jboss.eap-jboss-eap-xp | Not affected | | |
Red Hat JBoss Enterprise Application Platform Expansion Pack | opensaml-core | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 4 Medium