WS-2018-0227 | Mend Vulnerability Database

Vulnerability DatabaseWS-2018-0227

WS-2018-0227

Published:May 14, 2026

Updated:May 14, 2026

Simplesamlphp, before 1.16.3, has a Credentials exposure in session storage vulnerability.

Affected Packages

rozmarbeka/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.11.0-rc1 <dev-release-2.x

Fix Suggestion:

Update to version dev-release-2.x

simplesamlphp/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.6.0-rc1 <v1.6.0

Fix Suggestion:

Update to version v1.6.0

rozmarbeka/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.5.0-rc1 <v1.5.0

Fix Suggestion:

Update to version v1.5.0

rozmarbeka/simplesamlphp (PHP):

Affected version(s) =dev-feature/interface-cleanup <dev-master

Fix Suggestion:

Update to version dev-master

rozmarbeka/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.9.1 <v1.10

Fix Suggestion:

Update to version v1.10

simplesamlphp/saml2 (PHP):

Affected version(s) =svn/tags/simplesamlphp-1.8.0 <v1.8

Fix Suggestion:

Update to version v1.8

rozmarbeka/simplesamlphp (PHP):

Affected version(s) =dev-simplesamlphp-1.12 <simplesamlphp-1.12.0

Fix Suggestion:

Update to version simplesamlphp-1.12.0

simplesamlphp/simplesamlphp (PHP):

Affected version(s) >=dev-simplesamlphp-1.13 <dev-dependabot/composer/simplesamlphp/xml-common-1.16.0

Fix Suggestion:

Update to version dev-dependabot/composer/simplesamlphp/xml-common-1.16.0

simplesamlphp/simplesamlphp-module-ldap (PHP):

Affected version(s) =v1.14.8 <v1.14.9

Fix Suggestion:

Update to version v1.14.9

ym-careers/simplesamlphp (PHP):

Affected version(s) >=v1.0.6 <dev-feature/update-saml2-version

Fix Suggestion:

Update to version dev-feature/update-saml2-version

helsingborg-stad/municipio (PHP):

Affected version(s) =1.0.2 <v1.0.2

Fix Suggestion:

Update to version v1.0.2

simplesamlphp/simplesamlphp (PHP):

Affected version(s) >=dev-simplesamlphp-1.16 <dev-dependabot/composer/simplesamlphp/xml-common-1.16.1

Fix Suggestion:

Update to version dev-dependabot/composer/simplesamlphp/xml-common-1.16.1

ym-careers/simplesamlphp (PHP):

Affected version(s) =dev-master <dev-release/v.1.0.7

Fix Suggestion:

Update to version dev-release/v.1.0.7

simplesamlphp/saml2 (PHP):

Affected version(s) =svn/tags/simplesamlphp-1.6.1 <v1.6.1

Fix Suggestion:

Update to version v1.6.1

rozmarbeka/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.6.0-rc1 <v1.6.0

Fix Suggestion:

Update to version v1.6.0

ym-careers/simplesamlphp (PHP):

Affected version(s) =dev-DEVELOP <dev-feature/twigphp-twig-vulnerability-updates

Fix Suggestion:

Update to version dev-feature/twigphp-twig-vulnerability-updates

tvdijen/simplesamlphp (PHP):

Affected version(s) =dev-refactor-ldap <dev-validUntilcacheDuration

Fix Suggestion:

Update to version dev-validUntilcacheDuration

rozmarbeka/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.6.2 <v1.7.0

Fix Suggestion:

Update to version v1.7.0

madmatt/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.6.2 <v1.7.0

Fix Suggestion:

Update to version v1.7.0

simplesamlphp/saml2 (PHP):

Affected version(s) =svn/tags/simplesamlphp-1.8.2 <v1.8.2

Fix Suggestion:

Update to version v1.8.2

rozmarbeka/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.5.1-rc1 <v1.5.1

Fix Suggestion:

Update to version v1.5.1

helsingborg-stad/municipio (PHP):

Affected version(s) >=0.3.1 <v1.0.0-alpha

Fix Suggestion:

Update to version v1.0.0-alpha

simplesamlphp/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.11.0-rc1 <dev-condition-2

Fix Suggestion:

Update to version dev-condition-2

simplesamlphp/saml2 (PHP):

Affected version(s) =svn/tags/simplesamlphp-1.9.2 <v1.9.2

Fix Suggestion:

Update to version v1.9.2

rozmarbeka/simplesamlphp (PHP):

Affected version(s) =dev-simplesamlphp-1.13 <v1.13.0

Fix Suggestion:

Update to version v1.13.0

madmatt/simplesamlphp (PHP):

Affected version(s) =dev-feature/interface-cleanup <dev-master

Fix Suggestion:

Update to version dev-master

simplesamlphp/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.6.2 <v1.7.0

Fix Suggestion:

Update to version v1.7.0

helsingborg-stad/municipio (PHP):

Affected version(s) =2.0.5 <dev-dependabot/npm_and_yarn/hosted-git-info-2.8.9

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/hosted-git-info-2.8.9

simplesamlphp/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.5.0-rc1 <v1.5.0

Fix Suggestion:

Update to version v1.5.0

madmatt/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.5.0-rc1 <v1.5.0

Fix Suggestion:

Update to version v1.5.0

helsingborg-stad/municipio (PHP):

Affected version(s) =2.0.0 <dev-feat/2iqOr200iq

Fix Suggestion:

Update to version dev-feat/2iqOr200iq

madmatt/simplesamlphp (PHP):

Affected version(s) >=simplesamlphp-1.5.0-rc1 <=v1.13.2

Fix Suggestion:

Update to version no_fix

rozmarbeka/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.8.1 <v1.9

Fix Suggestion:

Update to version v1.9

simplesamlphp/saml2 (PHP):

Affected version(s) =svn/tags/simplesamlphp-1.8.1 <v1.8.1

Fix Suggestion:

Update to version v1.8.1

simplesamlphp/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.8.3 <dev-release-1.9.x

Fix Suggestion:

Update to version dev-release-1.9.x

rozmarbeka/simplesamlphp (PHP):

Affected version(s) =dev-simplesamlphp-1.14 <v1.14.0

Fix Suggestion:

Update to version v1.14.0

linkid/linkid-sdk (PHP):

Affected version(s) =1.0 <2.0

Fix Suggestion:

Update to version 2.0

simplesamlphp/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.5.1-rc1 <v1.5.1

Fix Suggestion:

Update to version v1.5.1

madmatt/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.8.0-rc1 <dev-release-2.x

Fix Suggestion:

Update to version dev-release-2.x

ym-careers/simplesamlphp (PHP):

Affected version(s) >=dev-dependabot/composer/twig/twig-2.15.3 <=dev-feature/resource-404-fix

Fix Suggestion:

Update to version no_fix

simplesamlphp/simplesamlphp (PHP):

Affected version(s) >=v1.16.1 <1.16.3

Fix Suggestion:

Update to version 1.16.3

rozmarbeka/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.8.0-rc1 <v1.8

Fix Suggestion:

Update to version v1.8

rozmarbeka/saml2 (PHP):

Affected version(s) =svn/tags/simplesamlphp-1.6.1 <v1.6.1

Fix Suggestion:

Update to version v1.6.1

temp/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.5.0-rc1 <=svn/tags/simplesamlphp-1.11.0

Fix Suggestion:

Update to version no_fix

simplesamlphp/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.10.0-rc1 <v1.10

Fix Suggestion:

Update to version v1.10

simplesamlphp/saml2 (PHP):

Affected version(s) =svn/tags/simplesamlphp-1.8.0-rc1 <dev-release-1.8.x

Fix Suggestion:

Update to version dev-release-1.8.x

ym-careers/simplesamlphp (PHP):

Affected version(s) >=v1.0.0 <dev-release/v1.0.6

Fix Suggestion:

Update to version dev-release/v1.0.6

kosolution/simplesamlphp (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

pi/pi (PHP):

Affected version(s) >=v2.5.0-alpha1 <2.5.0

Fix Suggestion:

Update to version 2.5.0

simplesamlphp/simplesamlphp (PHP):

Affected version(s) >=v1.12.0 <dev-dependabot/npm_and_yarn/jquery-ui-1.13.0

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/jquery-ui-1.13.0

srce/simplesamlphp-aai (PHP):

Affected version(s) =dev-feat/composer <dev-master

Fix Suggestion:

Update to version dev-master

helsingborg-stad/municipio (PHP):

Affected version(s) >=2.0.1 <dev-dependabot/npm_and_yarn/loader-utils-2.0.4

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/loader-utils-2.0.4

madmatt/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.5.1-rc1 <v1.5.1

Fix Suggestion:

Update to version v1.5.1

simplesamlphp/saml2 (PHP):

Affected version(s) =svn/tags/simplesamlphp-1.9.0 <v1.9

Fix Suggestion:

Update to version v1.9

simplesamlphp/saml2 (PHP):

Affected version(s) =svn/tags/simplesamlphp-1.9.1 <v1.9.1

Fix Suggestion:

Update to version v1.9.1

madmatt/saml2 (PHP):

Affected version(s) >=svn/tags/simplesamlphp-1.6.0-rc1 <v1.6.0

Fix Suggestion:

Update to version v1.6.0

madmatt/saml2 (PHP):

Affected version(s) =svn/tags/simplesamlphp-1.6.1 <v1.6.1

Fix Suggestion:

Update to version v1.6.1

Related Resources (2)

https://github.com/simplesamlphp/simplesamlphp/commit/44d1e3052930d93f0f554c25bc7c7602f8136880

https://simplesamlphp.org/security/201812-01

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE