ID CVE-2020-13415
Summary An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.
References
Vulnerable Configurations
CVSS
Base: 5.0
Impact:
Exploitability:
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 22-05-2020 - 21:15
Published 22-05-2020 - 21:15
Last modified 23-05-2020 - 02:11
Back to Top