Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AdNovum nevisAuth SAML 安全漏洞
Vulnerability Description
AdNovum nevisAuth是瑞士AdNovum公司的一套用户系统身份验证和访问管理解决方案。 AdNovum nevisAuth 4.18.3.1之前4.13.0.0版本的SAML 2.0实现过程中存在安全漏洞,该漏洞源于程序没有正确匹配X.509证书和IdP的证书。远程攻击者可借助特制的证书利用该漏洞注入任意SAML断言。
CVSS Information
N/A
Vulnerability Type
N/A