Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shibboleth opensaml 2.4.1 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-3603
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) prior to 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.50...
Shibboleth Identity Provider
Shibboleth Opensaml Java
5.8
CVSSv2
CVE-2011-1411
Shibboleth OpenSAML library 2.4.x prior to 2.4.3 and 2.5.x prior to 2.5.1, and IdP prior to 2.3.2, allows remote malicious users to forge messages and bypass authentication via an "XML Signature wrapping attack."
Shibboleth Opensaml 2.4.0
Shibboleth Opensaml 2.4.1
Shibboleth Opensaml 2.4.2
Shibboleth Opensaml 2.5.0
Shibboleth Shibboleth-identity-provider 2.2.0
Shibboleth Shibboleth-identity-provider 2.1.5
Shibboleth Shibboleth-identity-provider 2.1.4
Shibboleth Shibboleth-identity-provider 2.1.3
Shibboleth Shibboleth-identity-provider 2.3.0
Shibboleth Shibboleth-identity-provider 2.2.1
Shibboleth Shibboleth-identity-provider 2.1.0
Shibboleth Shibboleth-identity-provider 2.0.0
Shibboleth Shibboleth-identity-provider
Shibboleth Shibboleth-identity-provider 2.1.2
Shibboleth Shibboleth-identity-provider 2.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started