Moderate severity · NVD Advisory · Published Aug 26, 2015 · Updated Jun 17, 2026

CVE-2015-3158

Description

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: org.picketlink:picketlink-tomcat-common (Maven)
Affected versions: < 2.7.1.Final
Patched versions: 2.7.1.Final
