XML Parsing Vulnerability in IBM SAML-Based Single Sign-On Systems
CVE-2018-1443
5.9MEDIUM
Key Information:
- Vendor
IBM
- Vendor
- CVE Published:
- 8 March 2018
What is CVE-2018-1443?
An XML parsing vulnerability in IBM's SAML-based single sign-on (SSO) systems can enable an authenticated attacker to manipulate the SAML authentication process, potentially leading to unauthorized access as a different user without needing to know the victim's password. This flaw primarily affects IBM Security Access Manager (versions 9.0.0 to 9.0.4) and IBM Tivoli Federated Identity Manager (versions 6.0.2 to 6.2). For more information, refer to the IBM X-Force ID: 139754.
Affected Version(s)
Security Access Manager 9.0.0.1
Security Access Manager 9.0.0
Security Access Manager 9.0.1.0