Vulnerabilities > Simplesamlphp

DATE CVE VULNERABILITY TITLE RISK
2020-04-21 CVE-2020-5301 Improper Handling of Case Sensitivity vulnerability in Simplesamlphp
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability.
3.5
2020-01-24 CVE-2020-5226 Cross-site Scripting vulnerability in Simplesamlphp
Cross-site scripting in SimpleSAMLphp before version 1.18.4.
3.5
2020-01-24 CVE-2020-5225 Information Exposure Through Log Files vulnerability in Simplesamlphp
Log injection in SimpleSAMLphp before version 1.18.4.
network
low complexity
simplesamlphp CWE-532
5.5
2019-11-07 CVE-2019-3465 Improper Verification of Cryptographic Signature vulnerability in multiple products
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
6.5
2019-11-06 CVE-2011-4625 Improper Handling of Exceptional Conditions vulnerability in multiple products
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
network
low complexity
simplesamlphp debian CWE-755
5.0
2018-03-05 CVE-2018-7711 Improper Verification of Cryptographic Signature vulnerability in multiple products
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation.
6.8
2018-03-05 CVE-2018-7644 Improper Verification of Cryptographic Signature vulnerability in Simplesamlphp
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue.
network
low complexity
simplesamlphp CWE-347
5.0
2018-02-02 CVE-2017-18122 Improper Verification of Cryptographic Signature vulnerability in multiple products
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16.
6.8
2018-02-02 CVE-2017-18121 Cross-site Scripting vulnerability in multiple products
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser.
4.3
2018-02-02 CVE-2018-6521 The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters.
network
low complexity
simplesamlphp debian
7.5