CVE-2019-3465
PUBLISHED
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message.
Risk Scores
EPSS Score
1.87%
83.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | simplesamlphp | 0, 1.14.0-1, 1.14.0-1ubuntu2 |
| Ubuntu:18.04:LTS | simplesamlphp | 1.15.2-1, 0, 1.15.3-1 |
Timeline
- Nov 7, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Aug 4, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Mar 31, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-3465 third-party-advisory
- https://groups.google.com/forum/#!msg/simplesamlphp-announce/2odMqz63z7k/6zQQeM91EwAJ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-3465 third-party-advisory