Browse all 3 CVE security advisories affecting Sustainsys. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Sustainsys develops identity and access management solutions, primarily serving organizations requiring robust authentication and authorization systems. Historically, their products have been susceptible to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities, often stemming from insufficient input validation and flawed access controls. While no major public security incidents have been widely documented, the three CVEs on record highlight persistent issues in their authentication mechanisms and web interfaces. These vulnerabilities typically allow attackers to bypass security controls, execute arbitrary code, or gain elevated privileges, underscoring the importance of regular patching and security hardening for their deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-41890 | Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation — Saml2 (CWE-289) | 7.5 | High | 2023-09-19 |
| CVE-2020-5268 | Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET — Saml2 (CWE-303) | 6.5 | Medium | 2020-04-21 |
| CVE-2020-5261 | Missing Token Replay Detection — Saml2 (CWE-294) | 8.2 | High | 2020-03-25 |
This page lists every published CVE security advisory associated with Sustainsys. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.