Vulnerabilities > Picketlink

DATE	CVE	VULNERABILITY TITLE	RISK
2015-08-26	CVE-2015-3158	Permissions, Privileges, and Access Controls vulnerability in Picketlink 2.7.0 The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow. network low complexity picketlink CWE-264	4.0
2015-08-17	CVE-2015-6254	Code vulnerability in Picketlink The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. network picketlink CWE-17	6.0

Vulnerabilities > Picketlink {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Picketlink"}]}