CVE-2022-45597

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."
Configurations

Configuration 1 (hide)

cpe:2.3:a:componentspace:saml:4.4.0:*:*:*:*:asp.net:*:*

History

07 Nov 2023, 03:54

Type Values Removed Values Added
Summary ** DISPUTED ** ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates." ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."

21 Jun 2023, 04:15

Type Values Removed Values Added
Summary ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. ** DISPUTED ** ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."

30 Mar 2023, 16:21

Type Values Removed Values Added
First Time Componentspace saml
Componentspace
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-295
CPE cpe:2.3:a:componentspace:saml:4.4.0:*:*:*:*:asp.net:*:*
References (MISC) http://componentspace.com - (MISC) http://componentspace.com - Product
References (MISC) http://componentspacesaml2.com - (MISC) http://componentspacesaml2.com - Broken Link
References (MISC) https://www.componentspace.com/documentation/saml-for-asp-net-core/ComponentSpace%20SAML%20for%20ASP.NET%20Core%20Release%20Notes.pdf - (MISC) https://www.componentspace.com/documentation/saml-for-asp-net-core/ComponentSpace%20SAML%20for%20ASP.NET%20Core%20Release%20Notes.pdf - Release Notes

24 Mar 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-24 23:15

Updated : 2023-12-10 15:01


NVD link : CVE-2022-45597

Mitre link : CVE-2022-45597

CVE.ORG link : CVE-2022-45597


JSON object : View

Products Affected

componentspace

  • saml
CWE
CWE-295

Improper Certificate Validation