CVE-2019-3465

Name of the Vulnerable Software and Affected Versions Rob Richards XmlSecLibs versions prior to 3.0.3 SimpleSAMLphp (affected versions not specified)

Description The issue is related to incorrect validation of cryptographic signatures in XML messages. This allows an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. Exploitation of the vulnerability may also enable a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For Rob Richards XmlSecLibs versions prior to 3.0.3, update to version 3.0.3 or later to resolve the issue. For SimpleSAMLphp, at the moment, there is no information about a newer version that contains a fix for this vulnerability.