4952 | Slack SAML authentication bypass | Authentication bypass | Slack | Antonio Sanso (@asanso) | Bug Bounty | 2017-10-26 | 2023-06-13 |
4687 | Oracle WebLogic - Multiple SAML Vulnerabilities (CVE-2018-2998/CVE-2018-2933) | SAML, Authentication bypass | Oracle (WebLogic) | Denis Andzakovic | Bug Bounty | 2018-07-18 | 2023-06-13 |
1915 | XXE in SAML SSO Writeup - Bug Bounty | XXE | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-01-16 | 2023-06-13 |
1583 | CVE-2022-25262 | JetBrains Hub single-click SAML response takeover | Authorization flaw, SAML, OAuth | JetBrains | Yurii Sanin (@SaninYurii) | Bug Bounty | 2022-05-03 | 2023-06-13 |
873 | Gregor Samsa: Exploiting Java's XML Signature Verification | Integer truncation, RCE, SAML | OpenJDK, Apache Commons BCEL | Felix Wilhelm (@_fel1x) | Bug Bounty | 2022-11-02 | 2023-06-13 |
571 | Azure Active Directory Flaw Allowed SAML Persistence | Azure AD, SAML, SSO | Microsoft (Azure) | Secureworks Counter Threat Unit (@Secureworks) | Bug Bounty | 2023-01-18 | 2023-06-13 |
567 | CVE-2022-47966 SAML ShowStopper | SAML, XSLT injection | Zoho (ManageEngine) | Khoa Dinh (@_l0gg) | Bug Bounty | 2023-01-19 | 2023-06-13 |
200 | TOPdesk vulnerable to XML Signature Wrapping Attacks | XML Signature Wrapping, SAML, SSO | TOPdesk | Paulo A. Silva (@pauloasilva_com) | Bug Bounty | 2023-04-12 | 2023-06-13 |
148 | Redash SAML Authentication Bypass | SAML, Authentication bypass | Redash | An Trinh (@_tint0) | Bug Bounty | 2023-04-28 | 2023-06-13 |