← Back

Sogo

sogo

Vendor: Inverse • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-33054
2Debian
Inverse
2Debian Linux
Sogo
Nov 21, 2024
Jun 4, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authent...Show more
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)Show less