An issue exists in Aviatrix Controller up to and including 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
aviatrix controller |