CVE-2020-13415 – An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SA …

Vuln ID: CVE-2020-13415

Published:  2020-05-22  21:15:12Z

Description: An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.

Source: NVD.NIST.GOV

 

Tags