PT-2019-6695 · Simplesamlphp · Simplesamlphp

Published

2019-11-06

·

Updated

2022-04-22

·

CVE-2011-4625

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions simplesamlphp versions prior to 1.6.3 and versions prior to 1.8.2
Description The issue incorrectly handles XML encryption, potentially allowing remote attackers to decrypt or forge messages.
Recommendations For versions prior to 1.6.3, update to version 1.6.3 or later. For versions prior to 1.8.2, update to version 1.8.2 or later.

Fix

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-755

Related Identifiers

CVE-2011-4625
DSA-2330-1
GHSA-5FJ7-F8X3-Q2MC

Affected Products

Simplesamlphp