Vulnerabilities > Shibboleth > Opensaml > 2.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-02-14 | CVE-2013-6440 | Information Exposure vulnerability in multiple products The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration. | 5.0 |
| 2011-09-02 | CVE-2011-1411 | Improper Authentication vulnerability in Shibboleth Opensaml and Shibboleth-Identity-Provider Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." | 5.8 |