CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-5353

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.0%

CVSS Severity

CVSS v2 Score 5.8

References

http://status.openathens.net/adv.php
http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf
http://status.openathens.net/adv.php
http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf

Products affected by CVE-2012-5353

Eduserv » Openathens Service Provider » Version: 2.0

cpe:2.3:a:eduserv:openathens_service_provider:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-5353

Products

Pricing

Contact Us