Published on November 8th, 2019 📆 | 4337 Views ⚑0
Rob Richards XmlSecLibs up to 3.0.2 Signature XML Message spoofing
|CVSS Meta Temp Score||Current Exploit Price (≈)||CTI Interest Score|
A vulnerability has been found in Rob Richards XmlSecLibs up to 3.0.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Signature Handler. The manipulation as part of a XML Message leads to a spoofing vulnerability. The CWE definition for the vulnerability is CWE-290. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was disclosed 11/07/2019 as mailinglist post (Bugtraq). The advisory is shared at seclists.org. This vulnerability is known as CVE-2019-3465 since 12/31/2018. A single authentication is required for exploitation. Neither technical details nor an exploit are publicly available.
Upgrading to version 3.0.3 eliminates this vulnerability.
VulDB Meta Base Score: 5.5
VulDB Meta Temp Score: 5.3
Status: Not defined
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day Time: 🔒
Upgrade: XmlSecLibs 3.0.3
Created: 11/08/2019 01:01 PM Download the whitepaper to learn more about our service!
Download the whitepaper to learn more about our service!