simplesamlphp
30 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-32600
< 1.13.9
xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted w
8.2
HIGH
CVE-2023-49087
all versions
xml-security is a library that implements XML signatures and encryption. Validation of an XML signature requires verification that
6.8
MEDIUM
CVE-2010-10008
< 0.9.0
UNSUPPORTED WHEN ASSIGNED
A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has
3.5
LOW
CVE-2010-10004
< 2010-07-29
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unkn
3.5
LOW
CVE-2010-10002
< 1.0
UNSUPPORTED WHEN ASSIGNED
A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-ope
3.1
LOW
CVE-2020-5301
< 1.18.6
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module
3.0
LOW
CVE-2020-5226
< 1.18.4
Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted an
4.4
MEDIUM
CVE-2020-5225
< 1.18.4
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them v
4.4
MEDIUM
CVE-2019-3465
<= 1.17.6
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cry
8.8
HIGH
CVE-2011-4625
>= 1.6.0 and < 1.6.3
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers
7.5
HIGH
CVE-2018-7711
< 1.15.4
HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature vali
8.1
HIGH
CVE-2018-7644
< 1.15.3
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML asserti
7.5
HIGH
CVE-2017-18122
<= 1.14.16
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1
8.1
HIGH
CVE-2017-18121
<= 1.14.15
The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to c
6.1
MEDIUM
CVE-2018-6521
< 1.15.2
The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four
9.8
CRITICAL
CVE-2018-6520
>= 1.12.0 and < 1.15.1
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in
6.1
MEDIUM
CVE-2018-6519
>= 1.0.0 and < 1.10.4
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Servic
7.5
HIGH
CVE-2017-12874
all versions
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values
7.5
HIGH
CVE-2017-12873
>= 1.7.0 and <= 1.14.10
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspe
9.8
CRITICAL
CVE-2017-12872
<= 1.14.11
The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earli
5.9
MEDIUM
CVE-2017-12871
all versions
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-depen
5.9
MEDIUM
CVE-2017-12870
<= 1.14.12
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use
5.9
MEDIUM
CVE-2017-12869
<= 1.14.13
The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions an
7.5
HIGH
CVE-2017-12868
<= 1.14.13
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, a
9.8
CRITICAL
CVE-2017-12867
<= 1.14.14
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to
5.9
MEDIUM
CVE-2016-9955
< 1.14.11
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on
6.3
MEDIUM
CVE-2016-9814
<= 1.14.9
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1
9.1
CRITICAL
CVE-2016-3124
<= 1.14.0
The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecifi
5.3
MEDIUM
CVE-2012-0908
<= 1.8.1
Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remo
CVE-2012-0040
<= 1.8.1
Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions befo
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin