vulnerability
Debian: CVE-2019-3465: simplesamlphp -- security update
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Nov 8, 2019 | Nov 8, 2019 | Feb 10, 2020 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Nov 8, 2019
Added
Nov 8, 2019
Modified
Feb 10, 2020
Description
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
Solution
debian-upgrade-simplesamlphp

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.