VYPR

PicketLink

by Red Hat

CVEs (2)

  • CVE-2015-6254Aug 17, 2015
    risk 0.00cvss epss 0.02

    The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have…

  • CVE-2015-0277Aug 17, 2015
    risk 0.00cvss epss 0.02

    The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has…