Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:37562
HistoryOct 14, 2022 - 11:00 a.m.

Improper Verification Of Cryptographic Signature

2022-10-1411:00:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
23
passport-saml
cryptographic signature
verification
saml authentication
remote attacker
xml element

EPSS

0.009

Percentile

83.1%

JSON

Passport-saml is vulnerable to improper cryptographic signature verification. A remote attacker is able to bypass SAML authentication via an arbitrary IDP signed XML element, due to improper checks for a valid top-level signature in saml.ts .

Related

osv 4
prion 2
githubexploit 1
ibm 1
nvd 2
cve 2
github 2
cvelist 2
debiancve 1
ubuntucve 1
redhatcve 1
openvas 1
nessus 2
debian 1
osv
osv
CVE-2022-39299
2022-10-12 21:15:09
Signature bypass via multiple root elements
2022-10-12 22:05:41
xmldom allows multiple root nodes in a DOM
2022-11-01 17:29:11
prion
prion
Authentication flaw
2022-10-12 21:15:00
Design/Logic Flaw
2022-11-02 17:15:00
githubexploit
githubexploit
Exploit for Improper Verification of Cryptographic Signature in Passport-Saml Project Passport-Saml
2022-10-31 13:24:34
ibm
ibm
Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass SAML authentication due to passport-saml ( CVE-2022-39299 )
2024-08-08 14:33:56
nvd
nvd
CVE-2022-39299
2022-10-12 21:15:09
CVE-2022-39353
2022-11-02 17:15:17
cve
cve
CVE-2022-39299
2022-10-12 21:15:09
CVE-2022-39353
2022-11-02 17:15:17
github
github
Signature bypass via multiple root elements
2022-10-12 22:05:41
xmldom allows multiple root nodes in a DOM
2022-11-01 17:29:11
cvelist
cvelist
CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML
2022-10-12 00:00:00
CVE-2022-39353 xmldom allows multiple root nodes in a DOM
2022-11-02 00:00:00
debiancve
debiancve
CVE-2022-39353
2022-11-02 17:15:17
ubuntucve
ubuntucve
CVE-2022-39353
2022-11-02 00:00:00
redhatcve
redhatcve
CVE-2022-39353
2022-11-14 03:56:39
openvas
openvas
Debian: Security Advisory (DLA-3260-1)
2023-01-02 00:00:00
nessus
nessus
Debian DLA-3260-1 : node-xmldom - LTS security update
2023-01-07 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : xmldom vulnerabilities (USN-6102-1)
2023-05-24 00:00:00
debian
debian
[SECURITY] [DLA 3260-1] node-xmldom security update
2023-01-01 17:00:48

EPSS

0.009

Percentile

83.1%

JSON
Related for VERACODE:37562
osv4prion2githubexploit1ibm1nvd2cve2github2cvelist2debiancve1ubuntucve1redhatcve1openvas1nessus2debian1