deanshapira / simplesamlphp-1.15.2

GNU Lesser General Public License v2.1

CVE-2019-3465 (High) detected in robrichards/xmlseclibs-3.0.1 #16

Open mend-for-github-com[bot] opened 6 months ago

mend-for-github-com[bot] commented 6 months ago

CVE-2019-3465 - High Severity Vulnerability

Vulnerable Library - robrichards/xmlseclibs-3.0.1

A PHP library for XML Security

Dependency Hierarchy:
- :x: **robrichards/xmlseclibs-3.0.1** (Vulnerable Library)

Found in HEAD commit: 9265509e6f8f33da6589d91be95eae590b521f37

Found in base branch: master

Vulnerability Details

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.

Publish Date: 2019-11-07

URL: CVE-2019-3465

CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3465

Release Date: 2019-11-07

Fix Resolution: robrichards/xmlseclibs-1.4.3, 2.1.1, 3.0.4