CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5407

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2020-5407

Pivotal Software » Spring Security » Version: 5.2.0

cpe:2.3:a:pivotal_software:spring_security:5.2.0
Pivotal Software » Spring Security » Version: 5.2.1

cpe:2.3:a:pivotal_software:spring_security:5.2.1
Pivotal Software » Spring Security » Version: 5.2.2

cpe:2.3:a:pivotal_software:spring_security:5.2.2
Pivotal Software » Spring Security » Version: 5.2.3

cpe:2.3:a:pivotal_software:spring_security:5.2.3
Pivotal Software » Spring Security » Version: 5.3.0

cpe:2.3:a:pivotal_software:spring_security:5.3.0
Pivotal Software » Spring Security » Version: 5.3.1

cpe:2.3:a:pivotal_software:spring_security:5.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-5407

Products

Pricing

Contact Us