The Shibboleth Service Provider is a software used by organizations to manage identity and access. This vulnerability allows an attacker to inject malicious SQL code into the database, potentially extracting sensitive data or disrupting system operations.
You're affected if you use An SQL. Affected versions: 3.5.0 If you don't recognise this software, you're probably not affected.
To fix this vulnerability, upgrade to Shibboleth Service Provider version 3.5.1 or later from the official website: https://shibboleth.net/downloads/service-provider/3.5.1/. Alternatively, apply immediate mitigations:
replayCacheEnabled to false in your shibboleth2.xml configuration file.