MidnightBSD

Advisories for internet2

CVE-2013-6440 MEDIUM

The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
shibboleth opensaml 2.4.1
shibboleth opensaml 2.5.1
shibboleth opensaml 2.5.2
internet2 opensaml 2.0
shibboleth opensaml *
shibboleth opensaml 2.5.0
shibboleth opensaml 2.4.0
internet2 opensaml 2.1.0
shibboleth opensaml 2.4.2
shibboleth opensaml 2.4.3
internet2 opensaml 2.2.0
shibboleth opensaml 2.5.3
CVE-2018-19794 MEDIUM

Cross-site scripting (XSS) vulnerability in UiV2Public.index in Internet2 Grouper 2.2 and 2.3 allows remote attackers to inject arbitrary web script or HTML via the code parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
internet2 grouper 2.2
internet2 grouper 2.3
CVE-2025-59714

In Internet2 Grouper 5.17.1 before 5.20.5, group admins who are not Grouper sysadmins can configure loader jobs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 1.2 5.2
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

Products Affected

Vendor Product Version
internet2 grouper *