CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Picketlink: >> Picketlink >> 2.7.0 Security Vulnerabilities

CVE-2015-3158

The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.

CVSS Score

4.0

EPSS Score

0.004

Published

2015-08-26

Page 1

Vulnerabilities

Vulnerable Software

Picketlink: >> Picketlink >> 2.7.0 Security Vulnerabilities

Products

Pricing

Contact Us