CVE-2017-12873
published 2017-09-01CVE-2017-12873: SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | simplesamlphp | < simplesamlphp 1.14.11-1 (bookworm) | simplesamlphp 1.14.11-1 (bookworm) |
| simplesamlphp | simplesamlphp | >= 0 < 1.14.11-1 | 1.14.11-1 |
| simplesamlphp | simplesamlphp | >= 0 < 1.14.11-1 | 1.14.11-1 |
| simplesamlphp | simplesamlphp | >= 1.7.0 < 1.14.11 | 1.14.11 |
| simplesamlphp | simplesamlphp | 1.7.0 – 1.14.10 | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL