CVE-2020-5407 is a vulnerability in Pivotal Software Spring Security
Published on May 13, 2020
Signature Wrapping Vulnerability with spring-security-saml2-service-provider
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
Weakness Type
Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Products Associated with CVE-2020-5407
Want to know whenever a new CVE is published for Pivotal Software Spring Security? stack.watch will email you.
Affected Versions
Spring by VMware Spring Security:- Version 5.2 and below 5.2.4 is affected.
- Version 5.3 and below 5.3.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.