Box Information for VU#475445

Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Status

Not Affected

Vendor Statement

Box is not affected by VU#475445 and has provided guidance to customers on our community site here:
https://community.box.com/t5/Box-Product-News/Recently-reported-SAML-vulnerabilities-What-you-need-to-know-as/ba-p/52403

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://community.box.com/t5/Box-Product-News/Recently-reported-SAML-vulnerabilities-What-you-need-to-know-as/ba-p/52403

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.