cisco-sa-lasso-saml-jun2021-DOXNRLkD

Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021

cisco-sa-lasso-saml-jun2021-DOXNRLkD · High · Published 4 years ago · Updated 4 years ago

On June 1, 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application. For a description of this vulnerability, see lasso.git NEWS. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lasso-saml-jun2021-DOXNRLkD

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2021-28091
Cisco Bug IDs	CSCvx73154
CVSS Score	Base 8.8 Base 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source	Cisco Email Security Appliance (ESA), Cisco Secure Email

Related Products

Product	CVE	Evidence
Cisco Secure Email	CVE-2021-28091	Cisco OpenVuln
Cisco Email Security Appliance (ESA)	CVE-2021-28091	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021

Workarounds

Related Products