Description
The web application uses SAML. The web application's SAML Consumer Service doesn't check a SAML Response signature when Signature element is removed.
An authenticated attacker may be able to use it to escalate privileges to a high privileged user or to takeover accounts of other users in the application.
Remediation
Change configuration of the SAML service to require a valid signature for SAML Response
References
Related Vulnerabilities
WordPress Plugin WP e-Commerce-Store Exporter Privilege Escalation (1.6.6)
Apache CouchDB JSON Remote Privilege Escalation Vulnerability
WordPress Plugin WP Job Manager Privilege Escalation (1.34.3)
WordPress Plugin WPGateway Privilege Escalation (3.5)
WordPress Plugin Jigoshop-Store Toolkit Privilege Escalation (1.3.8)