The application plugins in Apache CXF Fediz 1.2.x prior to 1.2.3 and 1.3.x prior to 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote malicious users to bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.
Vulnerable Product |
---|
apache cxf fediz 1.2.2 |
apache cxf fediz 1.2.0 |
apache cxf fediz 1.2.1 |
apache cxf fediz 1.3.0 |