Coupa Success Portal

Single Sign-on (SSO) Vulnerabilities for various SAML libraries

Updated March 15, 2018

Multiple vulnerabilities have been reported in how single sign-on (SSO) vendors and SAML libraries use the SAML protocol:

CVE-2017-11427 - OneLogin’s "python-saml"
CVE-2017-11428 - OneLogin’s "ruby-saml"
CVE-2017-11429 - Clever’s "saml2-js"
CVE-2017-11430 - "OmniAuth-SAML"
CVE-2018-0489 - Shibboleth openSAML C++

Coupa allows customers to configure SSO integration with their identity providers using SAML. Coupa uses a commercial vendor to implement the SAML service provider functionality within the product. That vendor's implementation is not affected by the reported vulnerabilities.
