Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shibboleth shibboleth-identity-provider vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2022-24129
The OIDC OP plugin prior to 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows malicious users to interact with arbitrary third-party HTTP services.
Shibboleth Oidc Op
445
VMScore
CVE-2020-27978
Shibboleth Identify Provider 3.x prior to 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session.
Shibboleth Identity Provider
383
VMScore
CVE-2014-3603
The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) prior to 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.50...
Shibboleth Identity Provider
Shibboleth Opensaml Java
383
VMScore
CVE-2015-1796
The PKIX trust engines in Shibboleth Identity Provider prior to 2.4.4 and OpenSAML Java (OpenSAML-J) prior to 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote malicious users to impersonate an entity via a certifica...
Shibboleth Identity Provider
Shibboleth Opensaml Java
516
VMScore
CVE-2011-1411
Shibboleth OpenSAML library 2.4.x prior to 2.4.3 and 2.5.x prior to 2.5.1, and IdP prior to 2.3.2, allows remote malicious users to forge messages and bypass authentication via an "XML Signature wrapping attack."
Shibboleth Opensaml 2.4.0
Shibboleth Opensaml 2.4.1
Shibboleth Opensaml 2.4.2
Shibboleth Opensaml 2.5.0
Shibboleth Shibboleth-identity-provider 2.2.0
Shibboleth Shibboleth-identity-provider 2.1.5
Shibboleth Shibboleth-identity-provider 2.1.4
Shibboleth Shibboleth-identity-provider 2.1.3
Shibboleth Shibboleth-identity-provider 2.3.0
Shibboleth Shibboleth-identity-provider 2.2.1
Shibboleth Shibboleth-identity-provider 2.1.0
Shibboleth Shibboleth-identity-provider 2.0.0
Shibboleth Shibboleth-identity-provider
Shibboleth Shibboleth-identity-provider 2.1.2
Shibboleth Shibboleth-identity-provider 2.1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started