Shibboleth Identity Provider — known CVE vulnerabilities
Every CVE whose affected-product data names Shibboleth Identity Provider, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2020-27978 — CVSS 7.5 (high): Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to…
CVE-2014-3603 — CVSS 5.9 (medium): The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java…
CVE-2015-1796 — CVSS 4.3 (medium): The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509…