Product
Shibboleth Service Provider
8 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-22947
CVE-2021-31826
CVE-2021-28963
CVE-2019-19191
CVE-2010-2450
CVE-2017-16852
CVE-2015-2684
CVE-2009-3300
< 3.4.1
Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivilege
>= 3.0.0 and < 3.2.2
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. T
< 3.2.1
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.
>= 3.0.0 and < 3.1.0
Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the s
all versions
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private k
< 2.6.1
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fai
<= 2.5.3
Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and th