Vulnerabilities > Simplesamlphp

DATE CVE VULNERABILITY TITLE RISK
2020-04-21 CVE-2020-5301 Information Exposure vulnerability in Simplesamlphp
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability.
3.5
2020-03-25 CVE-2020-5261 Authentication Bypass BY Capture-Replay vulnerability in Simplesamlphp Saml2
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection.
4.9
2020-01-24 CVE-2020-5226 Cross-Site Scripting vulnerability in Simplesamlphp
Cross-site scripting in SimpleSAMLphp before version 1.18.4.
3.5
2020-01-24 CVE-2020-5225 Information Exposure Through LOG Files vulnerability in Simplesamlphp
Log injection in SimpleSAMLphp before version 1.18.4.
network
low complexity
simplesamlphp CWE-532
5.5
2019-11-07 CVE-2019-3465 Improper Verification of Cryptographic Signature vulnerability in multiple products
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
6.5
2019-11-06 CVE-2011-4625 Improper Handling of Exceptional Conditions vulnerability in multiple products
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
network
low complexity
simplesamlphp debian CWE-755
5.0
2018-03-05 CVE-2018-7711 Improper Verification of Cryptographic Signature vulnerability in multiple products
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation.
6.8
2018-03-05 CVE-2018-7644 Improper Verification of Cryptographic Signature vulnerability in Simplesamlphp
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.
network
low complexity
simplesamlphp CWE-347
5.0
2018-02-02 CVE-2017-18122 Improper Verification of Cryptographic Signature vulnerability in multiple products
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16.
6.8
2018-02-02 CVE-2017-18121 Cross-Site Scripting vulnerability in multiple products
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.
4.3