CVSS Score of 10 (low)


Published Jun 25, 2023
Updated: Jul 6, 2023
CWE ID 918


CVE-2023-36661 is a vulnerability in Shibboleth XMLTooling before version 3.2.4, which is used in OpenSAML and Shibboleth Service Provider. The vulnerability allows for SSRF (Server Side Request Forgery) through a crafted KeyInfo element. The issue has been addressed in Shibboleth Service Provider on Windows. This vulnerability has a high severity rating of 7.5 according to NVD, indicating the potential danger it poses to organizations. The affected products include various versions of jsNHiU, r6Wi8C, r6Wi8D, r6Wi8E, r6Wi8F, nZVYwq, r6Wi8G, r6Wi8H, r6Wi8I, r6Wi8J, r6Wi8K, r6Wi8L, and r6Wi8M. It is important for organizations to update their Shibboleth Service Provider installations to the fixed version in order to remediate this vulnerability and mitigate the risk of exploitation.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-36661 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options