) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:shibboleth:identity_provider:2.4.1:*:*:*:*:*:*:*
- CPE Name Search: true
There are 1 matching records.
Displaying matches 1 through 1.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-1796 |
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor. Published: July 08, 2015; 11:59:02 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |