ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."
References
Link | Resource |
---|---|
http://componentspace.com | Product |
http://componentspacesaml2.com | Broken Link |
https://www.componentspace.com/documentation/saml-for-asp-net-core/ComponentSpace%20SAML%20for%20ASP.NET%20Core%20Release%20Notes.pdf | Release Notes |
Configurations
History
07 Nov 2023, 03:54
Type | Values Removed | Values Added |
---|---|---|
Summary | ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates." |
21 Jun 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates." |
30 Mar 2023, 16:21
Type | Values Removed | Values Added |
---|---|---|
First Time |
Componentspace saml
Componentspace |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-295 | |
CPE | cpe:2.3:a:componentspace:saml:4.4.0:*:*:*:*:asp.net:*:* | |
References | (MISC) http://componentspace.com - Product | |
References | (MISC) http://componentspacesaml2.com - Broken Link | |
References | (MISC) https://www.componentspace.com/documentation/saml-for-asp-net-core/ComponentSpace%20SAML%20for%20ASP.NET%20Core%20Release%20Notes.pdf - Release Notes |
24 Mar 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-24 23:15
Updated : 2024-03-21 02:44
NVD link : CVE-2022-45597
Mitre link : CVE-2022-45597
CVE.ORG link : CVE-2022-45597
JSON object : View
Products Affected
componentspace
- saml
CWE
CWE-295
Improper Certificate Validation