edu.internet2.middleware:shibboleth-identityprovider (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package edu.internet2.middleware:shibboleth-identityprovider, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2014-3603 — CVSS 5.9 (medium): The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java…
CVE-2014-3607 — CVSS 5.9 (medium): DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the…
CVE-2015-1796 — CVSS 4.3 (medium): The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509…