CVE-2023-34923: XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the...

0.0 CVSS

Description

XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.

Classification

CVE ID: CVE-2023-34923

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 42.77% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://char49.com/articles/topdesk-vulnerable-to-xml-signature-wrapping-attacks
https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=56a16ba1c2824e9a82655892ba75d3c0

Timeline

2024-12-05 00:32:05 UTC
CVE

XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the...