Shibboleth Service Provider 3.1.0

CPE Details

Shibboleth Service Provider 3.1.0
shibboleth
service_provider
3.1.0
2019-12-05
19h02 +00:00
2019-12-05
19h02 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:shibboleth:service_provider:3.1.0:*:*:*:*:*:*:*

Informations

Vendor

shibboleth

Product

service_provider

Version

3.1.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-22947 2023-01-10 23h00 +00:00 Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."
7.3
Haute
CVE-2021-31826 2021-04-27 01h33 +00:00 Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.
7.5
Haute
CVE-2021-28963 2021-03-22 06h02 +00:00 Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
5.3
Moyen