Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
picketlink vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2015-3158
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink prior to 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) ...
Picketlink Picketlink
6
CVSSv2
CVE-2015-6254
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink prior to 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote malicious users to hav...
Picketlink Picketlink
6
CVSSv2
CVE-2019-3873
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks.
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.0
3.5
CVSSv2
CVE-2019-3872
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduc...
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.0
5
CVSSv2
CVE-2010-2493
The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) t...
Redhat Jboss Enterprise Soa Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 5.0.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started