European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.Referenceshttps://sec-consult.com/en/blog/advisories/15587/
