Last Modified: May 11, 2023
Known Affected Versions:
Opened: Mar 29, 2023 Severity: 2-Critical
During SAML Authentication while TMM parses the assertion to extract the attributes and its respective values, all the attributes values are combined into a single string with '|' as separator and are assigned to a single variable leaving remaining ones empty.
All the session variables related to assertion attributes are assigned and stored incorrectly.
When the incoming attributes, in the assertion, are considered as multi-valued attributes, all the values of attributes are combined to form a single valued attribute in order to store in the SessionDB.