CVE-2011-4625 Information

Description

simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

https://security-tracker.debian.org/tracker/CVE-2011-4625 https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.5