Apache · Apache Guacamole · CVE-2021-43999
**Name of the Vulnerable Software and Affected Versions**
Apache Guacamole versions 1.2.0 through 1.3.0
**Description**
The issue concerns the improper validation of responses from a SAML identity provider. If SAML support is enabled, a malicious user may assume the identity of another Guacamole user.
**Recommendations**
For Apache Guacamole versions 1.2.0 and 1.3.0, consider disabling SAML support until a patch is available.
Restrict access to the SAML identity provider integration to minimize the risk of exploitation.