An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error.
The whole application in rendered unusable until a console intervention.
Credits
This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session.
