Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2018-07-24T15:00:00Z
Updated: 2024-09-16T22:55:40.613Z
Reserved: 2018-01-12T00:00:00
Link: CVE-2018-5387
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-07-24T15:29:01.187
Modified: 2024-11-21T04:08:43.203
Link: CVE-2018-5387
Redhat
No data.