Known Vulnerabilities for products from Simplesamlphp
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Simplesamlphp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-49087 | | 7.5 - HIGH | 2023-11-30 | 2023-12-06 |
| CVE-2023-41890 | Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. ... | 7.5 - HIGH | 2023-09-19 | 2023-09-22 |
| CVE-2020-5301 | SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Mo... | 3.1 - LOW | 2020-04-21 | 2021-09-14 |
| CVE-2020-5261 | Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 ha... | 6.8 - MEDIUM | 2020-03-25 | 2021-03-24 |
| CVE-2020-5226 | Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitt... | 5.4 - MEDIUM | 2020-01-24 | 2020-01-30 |
| CVE-2020-5225 | Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends t... | 5.4 - MEDIUM | 2020-01-24 | 2020-01-31 |
| CVE-2019-3465 | Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation o... | 8.8 - HIGH | 2019-11-07 | 2023-11-07 |
| CVE-2018-7711 | HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature... | 8.1 - HIGH | 2018-03-05 | 2018-03-29 |
| CVE-2018-7644 | The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML as... | 7.5 - HIGH | 2018-03-05 | 2019-10-03 |
| CVE-2018-6521 | The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering... | 9.8 - CRITICAL | 2018-02-02 | 2019-10-03 |
| CVE-2018-6520 | SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority dat... | 6.1 - MEDIUM | 2018-02-02 | 2018-02-15 |
| CVE-2018-6519 | The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of S... | 7.5 - HIGH | 2018-02-02 | 2018-10-03 |
| CVE-2017-18122 | A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using S... | 8.1 - HIGH | 2018-02-02 | 2019-05-13 |
| CVE-2017-18121 | The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker... | 6.1 - MEDIUM | 2018-02-02 | 2019-05-13 |
| CVE-2017-12874 | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return v... | 7.5 - HIGH | 2017-09-01 | 2019-05-06 |
| CVE-2017-12873 | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have ... | 9.8 - CRITICAL | 2017-09-01 | 2019-10-03 |
| CVE-2017-12872 | The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and ... | 5.9 - MEDIUM | 2017-09-01 | 2019-05-13 |
| CVE-2017-12871 | The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-... | 5.9 - MEDIUM | 2017-09-01 | 2017-09-06 |
| CVE-2017-12870 | SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveragin... | 5.9 - MEDIUM | 2017-09-01 | 2017-09-06 |
| CVE-2017-12869 | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictio... | 7.5 - HIGH | 2017-09-01 | 2019-05-10 |
Known software with vulnerabilities from Simplesamlphp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Simplesamlphp | Infocard Module | 1.0 |
| Application | Simplesamlphp | Saml2 | 0.1.0 |
| Application | Simplesamlphp | Simplesamlphp | 0.4 |