Description
The web application uses SAML. The web application's SAML Consumer Service does not require the SAML Response to be signed.
An authenticated attacker may be able to use this to escalate privileges to a highly privileged user or to take over the accounts of other users in the application.
Remediation
Change the configuration of the SAML service to require a valid signature on the SAML Response.
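As an added illustration (not code from this page or from any particular SAML product), the following sketch shows the kind of structural gate a service provider can apply before cryptographic verification: the Response is rejected unless it carries exactly one signature that references the Response itself. The function name, exception class and sample messages are constructed for this example; validating the signature value against the IdP certificate remains the job of the SAML library.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"


class UnsignedResponseError(ValueError):
    """Raised when a SAML Response fails the signature-required policy."""


def require_response_signature(xml_bytes: bytes) -> str:
    """Return the Response ID if the Response carries a signature over itself.

    Structural check only: it does NOT validate the signature value.
    """
    if b"<!DOCTYPE" in xml_bytes:
        raise UnsignedResponseError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}Response":
        raise UnsignedResponseError("root element is not samlp:Response")
    resp_id = root.get("ID")
    if not resp_id:
        raise UnsignedResponseError("Response has no ID attribute")
    # Only a direct child counts: a signature nested inside the Assertion
    # protects the Assertion, not the Response wrapper.
    sigs = root.findall(f"{{{DS}}}Signature")
    if len(sigs) != 1:
        raise UnsignedResponseError("Response must carry exactly one signature")
    refs = sigs[0].findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if len(refs) != 1 or refs[0].get("URI") != f"#{resp_id}":
        raise UnsignedResponseError("signature does not reference the Response")
    return resp_id


def sample_response(sig: str) -> bytes:
    """Build a constructed, minimal Response for demonstration."""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:ds="{DS}" ID="_r1">'
            f'{sig}</samlp:Response>').encode()


# Constructed sample inputs (signature value omitted; structure only).
SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_r1"/>'
       '</ds:SignedInfo></ds:Signature>')
SIGNED = sample_response(SIG)
UNSIGNED = sample_response("")
WRONG_REF = sample_response(SIG.replace("#_r1", "#_other"))
```
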