Description

The web application uses SAML. The web application's SAML Consumer Service doesn't require SAML Response signature.
An authenticated attacker may be able to use it to escalate privileges to a high privileged user or to takeover accounts of other users in the application.

Remediation

Change configuration of the SAML service to require a valid signature for SAML Response

References

Related Vulnerabilities