Description

The web application uses SAML. Its SAML Assertion Consumer Service (ACS) dereferences URIs contained in the messages it receives, for example through the XML Signature KeyInfo/RetrievalMethod element and similar constructs (a ds:Reference whose URI points outside the signed document, external entities). Because the SAML Response is supplied by the client and is processed before the user has been authenticated, an unauthenticated attacker can point such a reference at a local file (file:// URI) to read arbitrary files on the server, or at an internal or external host to make the server issue requests on the attacker's behalf (server-side request forgery, SSRF).

Remediation

Configure the XML parser and XML Signature library used by the ACS so that they never dereference external resources: accept only same-document references (URI="" or "#id"), reject ds:RetrievalMethod elements and any ds:Reference URI that points outside the message, disallow DTDs and XSLT/XPath transforms, and take the IdP signing certificate from the configured IdP metadata or trust store instead of from the KeyInfo carried in the message.
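As an added example that is not part of the original page, the following pre-validation filter implements the remediation above and also shows what the malicious input from the description looks like: before a SAML Response is handed to the signature library, every ds:RetrievalMethod and ds:Reference URI is checked to be a same-document reference, transforms are limited to an allow list, and DTDs are refused. The sample messages, the IDs and the target URLs in them are constructed for this example.

```python
"""Pre-validation filter for SAML Responses received at an ACS.

Added example, not code from the original page or from any SAML library.
The filter runs before XML Signature validation and refuses any message
whose signature would make the validator fetch something: external
RetrievalMethod/Reference URIs, non-canonicalization transforms, DTDs.
"""
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Transforms a SAML signature legitimately needs (enveloped-signature and
# canonicalization). XSLT and XPath transforms are deliberately absent.
ALLOWED_TRANSFORMS = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
    "http://www.w3.org/2006/12/xml-c14n11",
}


class ExternalReferenceError(ValueError):
    """Raised when processing the signature would dereference a resource."""


def is_same_document(uri):
    """XML Signature allows URI="" (whole document) and "#id" fragments.
    Everything else (http:, https:, file:, relative paths) is external."""
    return uri == "" or uri.startswith("#")


def check_saml_signature_references(xml_bytes):
    """Parse the message and raise ExternalReferenceError if its signature
    references anything outside the document. Returns the parsed root so the
    caller can continue with normal signature validation."""
    # Coarse on purpose: a SAML Response has no legitimate DTD, and DTD
    # entities are another route to local file reads and SSRF.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ExternalReferenceError("DTD/entity declarations are not allowed")
    root = ET.fromstring(xml_bytes)
    for el in root.iter():
        if el.tag in (DS + "RetrievalMethod", DS + "Reference"):
            uri = el.get("URI", "")
            if not is_same_document(uri):
                raise ExternalReferenceError(f"{el.tag} points outside the document: {uri}")
        elif el.tag == DS + "Transform":
            alg = el.get("Algorithm", "")
            if alg not in ALLOWED_TRANSFORMS:
                raise ExternalReferenceError(f"disallowed transform: {alg}")
    return root


def encode_form_value(xml_bytes):
    """Encode a message the way the SAMLResponse POST parameter carries it."""
    return base64.b64encode(xml_bytes).decode()


def accept_saml_response(form_value):
    """Decode the base64 SAMLResponse parameter and apply the filter.
    Returns True if the message may proceed to signature validation."""
    try:
        xml_bytes = base64.b64decode(form_value, validate=True)
        check_saml_signature_references(xml_bytes)
    except (ValueError, ET.ParseError):  # binascii.Error is a ValueError
        return False
    return True


def _response(key_info):
    """Constructed SAML Response skeleton with a parameterised KeyInfo."""
    return ("""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1" Version="2.0">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#_resp1">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue>
    <ds:KeyInfo>%s</ds:KeyInfo>
  </ds:Signature>
</samlp:Response>""" % key_info).encode()


# Constructed samples: an inline certificate (placeholder value) versus
# RetrievalMethod elements that would trigger SSRF or a local file read.
BENIGN = _response('<ds:X509Data><ds:X509Certificate>Y2VydA==</ds:X509Certificate></ds:X509Data>')
SSRF = _response('<ds:RetrievalMethod URI="http://internal.example:8080/key" '
                 'Type="http://www.w3.org/2000/09/xmldsig#X509Data"/>')
LOCAL_FILE = _response('<ds:RetrievalMethod URI="file:///etc/passwd"/>')

if __name__ == "__main__":
    for name, msg in (("benign", BENIGN), ("ssrf", SSRF), ("local_file", LOCAL_FILE)):
        print(name, accept_saml_response(encode_form_value(msg)))
```

The filter is a first line of defence only: the signature library itself should still be configured to resolve no URIs, and the verification key should come from the IdP metadata, not from the KeyInfo in the message.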
