PT-2023-14715 · Componentspace · Componentspace.Saml2

Published: 2023-03-24 · Updated: 2024-08-03 · CVE-2022-45597

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ComponentSpace.Saml2 version 4.4.0

Description
The issue concerns missing SSL certificate validation at the application layer. The vendor does not consider this a vulnerability, because certificates are exchanged between trusted entities in a controlled manner, which allows the use of self-signed certificates. The vendor emphasizes that validating certificates at the application layer is less critical than at the transport layer.

Recommendations
For ComponentSpace.Saml2 version 4.4.0, consider implementing additional validation of SSL certificates at the application layer as a precautionary measure. Because the vendor does not acknowledge this as a vulnerability, no official fix or patch is provided, and at the moment there is no information about a newer version that addresses this issue.
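The following C# snippet is an added illustration of the application-layer check recommended above; it is not code from ComponentSpace, and the class name, the certificate file path and the pinned thumbprint value are assumptions. It shows the checks an application can apply to a SAML partner's certificate on its own, independently of transport-layer TLS validation: validity period, a pin to a SHA-256 thumbprint received out of band (which also covers the self-signed case the vendor describes), and an optional chain build against an explicit trust anchor rather than the machine store.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not ComponentSpace code): validate a partner (IdP/SP) certificate
// at the application layer before the application trusts it for SAML signing.
public static class PartnerCertificateValidator
{
    // Operator-configured allow-list of SHA-256 thumbprints (uppercase hex, no separators).
    // PLACEHOLDER: replace with the thumbprint of the certificate received out of band.
    private static readonly string[] PinnedThumbprints =
    {
        "0000000000000000000000000000000000000000000000000000000000000000"
    };

    // Returns true only if every application-layer check passes.
    public static bool IsTrusted(X509Certificate2 cert, DateTime nowUtc, X509Certificate2? trustedRoot = null)
    {
        if (cert == null) return false;

        // 1. Validity period: a self-signed partner certificate can still be expired or not yet valid.
        if (nowUtc < cert.NotBefore.ToUniversalTime() || nowUtc > cert.NotAfter.ToUniversalTime())
            return false;

        // 2. Pinning: compare the SHA-256 hash of the DER encoding against the allow-list.
        string thumbprint = cert.GetCertHashString(HashAlgorithmName.SHA256);
        if (Array.IndexOf(PinnedThumbprints, thumbprint) < 0)
            return false;

        // 3. Optional chain check against an explicit trust anchor (not the machine store).
        //    Skipped when the partner deliberately uses a self-signed certificate and
        //    trust rests on the pin alone.
        if (trustedRoot != null)
        {
            using var chain = new X509Chain();
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.Add(trustedRoot);
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // private PKI: no CRL/OCSP
            chain.ChainPolicy.VerificationTime = nowUtc;
            if (!chain.Build(cert)) return false;
        }
        return true;
    }

    // Usage (assumed file name): load the certificate taken from the partner's SAML metadata
    // and reject the partner if any check fails.
    public static bool CheckPartnerFile(string path) =>
        IsTrusted(new X509Certificate2(path), DateTime.UtcNow);
}
```

A failed check should be logged with the certificate's subject and thumbprint so that a rotated or substituted partner certificate is visible in monitoring rather than silently rejected.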

Fix
No official fix or patch is provided by the vendor.

Weakness Enumeration
Improper Certificate Validation

Related Identifiers

CVE-2022-45597

Affected Products

Componentspace.Saml2