Security readout for executives and security teams
PySAML2 versions 4.4.0 and earlier could be tricked into processing malicious SAML XML that reads local files from the server. For organizations using SAML single sign-on, this creates risk of sensitive file disclosure from identity-provider or service-provider systems. Exposure is likely where Python applications, identity providers, or service providers use PySAML2 4.4.0 or earlier to parse SAML requests or responses. Systems relying on OS packages should check Debian or Red Hat advisory applicability. Prioritize remediation on internet-facing or partner-facing SAML systems. The business risk is confidential data exposure from authentication infrastructure, but the provided evidence does not support confirmed active exploitation. Mitigation focus: Identify all applications and OS packages using PySAML2.; Upgrade PySAML2 beyond 4.4.0 using upstream or distribution guidance.; Apply relevant Debian or Red Hat security updates where packages are managed by the OS..
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2016-10149 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- https://github.com/rohe/pysaml2/issues/366CVE reference · x_refsource_MISC
- RHSA-2017:0936CVE reference · vendor-advisory, x_refsource_REDHAT
- https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9bCVE reference · x_refsource_CONFIRM
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850716CVE reference · x_refsource_CONFIRM
- RHSA-2017:0938CVE reference · vendor-advisory, x_refsource_REDHAT
- https://github.com/rohe/pysaml2/pull/379CVE reference · x_refsource_CONFIRM
- RHSA-2017:0937CVE reference · vendor-advisory, x_refsource_REDHAT
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
