Description

The web application uses SAML. The web application's SAML Consumer Service XML parser is vulnerable to XSLT injection.
XSLT (Extensible Stylesheet Language Transformations) is a language for transforming XML documents into other XML documents.
An unauthenticated attacker may be able to use it in order to read arbitrary files on the server or send requests to other servers (SSRF).

Remediation

Disable execution of arbitrary XSLT.

References

XSLT Processing Security and Server Side Request Forgeries

Related Vulnerabilities

ColdFusion Access Control bypass with WDDX Deserialization RCE (CVE-2023-29298/CVE-2023-29300)

ImageMagick remote code execution

Deserialization of Untrusted Data (Java JSON Deserialization) Jackson

Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496)

Apache Log4j socket receiver deserialization vulnerability

Severity

High

Classification

CWE-91 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Tags

Acumonitor SSRF