PT-2015-6876 · Adnovum · Nevisauth

Antoine Neuenschwander +1 · Published 2015-09-28 · Updated 2018-10-09 · CVE-2015-5372

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: AdNovum nevisAuth versions 4.13.0.0 through 4.18.3.0

Description: The issue concerns the SAML 2.0 implementation when using SAML POST-Binding. It does not properly match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP). This allows remote attackers to inject arbitrary SAML assertions via a crafted certificate.

Recommendations: For AdNovum nevisAuth versions 4.13.0.0 through 4.18.3.0, update to version 4.18.3.1 or later to resolve the issue.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2015-5372

Affected Products

Nevisauth