Logo
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Resources
Documentation Portal Ideas Portal Logpoint Academy License Portal
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Product Security

Arbitrary file deletion through URL Injection to SAML SSO-URL Response

Avatar Rushmi Bhuju
February 04, 2025 08:41
Follow

Advisory ID: LVD-2024-007

CVSSv 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSSv 3.1 Base Score: 9.1

Severity: Critical

CVE: CVE-2024-36383

CWE: CWE-73

Date Published: 2024-05-27

Description:

The state parameter in the SAML SSO-URL response could be injected, causing arbitrary file deletion. Due to this, sometimes users could not log in using SAML Authentication.

Affected Product:

SAML Authentication v6.0.2

Solution:

Upgrade to SAML Authentication v6.0.3

Acknowledgments: -

 

 

Comments

Article is closed for comments.

Related articles

  • Local File Inclusion in File System Collector
  • Server Side Request Forgery (SSRF) on Threat Intelligence
  • NXLog Enterprise
  • OAuth Authentication
  • Support Overview
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.

Note: We use cookies that are essential for the smooth functioning of our website.