COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2022-45597

CVE-2022-45597

Severity
critical
Source
NVD · cve
Published
2023-03-24
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-45597
shame 35/100

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion b

Players implicated

componentspace · vendorsaml · product

Description

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.