How severe is CVE-2024-8698?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2024-8698?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2024-8698 - HIGH Severity | CVSS 7.7

Vulnerability Description

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.

Related Vulnerabilities

CVE-2023-28602

HIGH

CVSS:7.7(High)

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versio...

CWE-3472023

CVE-2002-1796

HIGH

CVSS:7.8(High)

ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

CWE-3472002

CVE-2014-9934

HIGH

CVSS:7.8(High)

A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.

CWE-3472014

CVE-2016-11044

HIGH

CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application's signature can be bypassed during installation. The Samsu...

CWE-3472016

CVE-2018-10988

HIGH

CVSS:7.8(High)

An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, wi...

CWE-3472018

CVE-2018-18653

HIGH

CVSS:7.8(High)

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading...

CWE-3472018