opensaml-2.6.4.jar vulnerable to CVE-2015-1796, Shibboleth Identity Provider could allow a remote attacker to bypass security restrictions, caused by an error in the PKIX trust component. An attacker could exploit this vulnerability using a certificate issued by the shibmd:KeyAuthority trust anchors to impersonate any entity
CVEID:CVE-2015-1796
**DESCRIPTION:**Shibboleth Identity Provider could allow a remote attacker to bypass security restrictions, caused by an error in the PKIX trust component. An attacker could exploit this vulnerability using a certificate issued by the shibmd:KeyAuthority trust anchors to impersonate any eneity.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/105594 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Affected Product(s) | Version(s) |
---|---|
Resilient OnPrem | IBM Security SOAR |
Users must upgrade to v40.0 of IBM Resilient in order to obtain a fix for this vulnerability. This upgrades the version of OpenSAML to v3.4.5.
You can upgrade the platform by following the instructions in the “Upgrade Procedure” section in the IBM Knowledge Center.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm resilient | eq | 40 |