5
CVSSv2

CVE-2020-13415

Published: 22/05/2020 Updated: 26/05/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in Aviatrix Controller up to and including 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.

Vulnerability Trend

Affected Products

Vendor Product Versions
AviatrixController5.1