SAML Response without signature - Vulnerability Database

SAML Response without signature

Description

The web application uses SAML, and its SAML Consumer Service does not require the SAML Response to be signed.
An authenticated attacker may be able to exploit this to escalate privileges to a highly privileged user or to take over the accounts of other users in the application.

Remediation

Change the configuration of the SAML service to require a valid signature on the SAML Response.
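
An added example, not Invicti's or any SAML library's code: a pre-validation gate that a Consumer Service could apply to reject a SAMLResponse whose Response element carries no signature. It goes slightly beyond the text by also checking that the signature's Reference points at the Response's own ID; the function name and sample messages are constructed for illustration, and cryptographic verification against the IdP certificate must still follow.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RESPONSE_TAG = "{%s}Response" % NS["samlp"]


def response_signature_problem(b64_response):
    """Return None if the Response element itself carries a signature that
    references it, otherwise a short reason for rejecting the message.
    Structural check only; it does not verify the signature value."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml:  # SAML messages never need a DTD
        return "DTD not allowed"
    root = ET.fromstring(xml)
    if root.tag != RESPONSE_TAG:
        return "root element is not samlp:Response"
    sig = root.find("ds:Signature", NS)  # direct child of Response only
    if sig is None:
        return "Response is not signed"
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    resp_id = root.get("ID")
    if ref is None or not resp_id or ref.get("URI") != "#" + resp_id:
        return "signature does not reference the Response ID"
    return None


def _sample(signature_xml):
    """Build a constructed, base64-encoded sample Response (not real traffic)."""
    doc = ('<samlp:Response xmlns:samlp="%s" xmlns:ds="%s" ID="_r1" '
           'Version="2.0">%s</samlp:Response>'
           % (NS["samlp"], NS["ds"], signature_xml))
    return base64.b64encode(doc.encode()).decode()


_SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>'
        '<ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>')
UNSIGNED = _sample("")
SIGNED = _sample(_SIG % "#_r1")
WRONG_REF = _sample(_SIG % "#_other")

if __name__ == "__main__":
    for name, msg in [("unsigned", UNSIGNED), ("signed", SIGNED),
                      ("wrong reference", WRONG_REF)]:
        print(name, "->", response_signature_problem(msg) or "accepted for verification")
```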
