CVE-2011-4625

EUVD-2022-1634
simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
simplesamlphpsimplesamlphp
1.6.0 ≤
𝑥
< 1.6.3
simplesamlphpsimplesamlphp
1.8.0 ≤
𝑥
< 1.8.2
debiandebian_linux
8.0
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
simplesamlphp
bookworm
1.19.7-1
fixed
bullseye
1.19.0-1
fixed
sid
1.19.7-1
fixed
trixie
1.19.7-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
simplesamlphp
hardy
dne
lucid
dne
maverick
ignored
natty
ignored
oneiric
ignored
precise
Fixed 1.8.2-1
released
quantal
Fixed 1.8.2-1
released
raring
Fixed 1.8.2-1
released
Common Weakness Enumeration
References
https://security-tracker.debian.org/tracker/CVE-2011-4625
https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545
https://security-tracker.debian.org/tracker/CVE-2011-4625
https://www.mageni.net/1.3.6.1.4.1.25623.1.0.70545