CNNVD-202509-1554 Information

CNNVD ID

CNNVD-202509-1554

CVE-2025-9943

  • CNNVD Published: 2025-09-10

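Description (translated from Chinese)

Shibboleth Service Provider is a single sign-on framework from the UK company Shibboleth. Shibboleth Service Provider 3.5.0 and earlier versions contain a security vulnerability that stems from SQL injection in the ID attribute of the SAML response and may lead to disclosure of database information.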

Description (English)

Shibboleth Service Provider is a single sign-on framework from Shibboleth. Shibboleth Service Provider 3.5.0 and earlier versions contain a vulnerability that stems from SQL injection via the ID attribute in the SAML response, which could lead to disclosure of database information.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Shibboleth

Published

2025-09-10

Last Modified

2026-02-24

References

  • https://r.sec-consult.com/shibboleth
  • https://shibboleth.net/community/advisories/secadv_20250903.txt
  • https://shibboleth.net/downloads/service-provider/3.5.1/

Patch

https://shibboleth.net/downloads/service-provider/
