VYPR

Saml2

by Simplesamlphp

CVEs (4)

  • CVE-2016-9814 | Critical | Feb 17, 2017
    risk 0.59 | cvss 9.1 | epss 0.02

    The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory…

  • CVE-2025-27773 | High | Mar 11, 2025
    risk 0.49 | cvss 8.6 | epss 0.00

    The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the…

  • CVE-2024-52806 | High | Dec 2, 2024
    risk 0.47 | cvss 8.3 | epss 0.00

    SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18.

  • CVE-2022-45597 | Mar 24, 2023
    risk 0.00 | cvss | epss 0.01

    ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion…