Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:shibboleth:identity_provider:2.4.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1796 |
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor. Published: July 08, 2015; 11:59:02 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |