The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T00:32:25.478Z
Reserved: 2016-05-02T00:00:00
Link: CVE-2016-4464

No data.

Status : Modified
Published: 2016-09-21T18:59:04.897
Modified: 2024-11-21T02:52:16.280
Link: CVE-2016-4464

No data.