XML Parsing Vulnerability in IBM SAML-Based Single Sign-On Systems
CVE-2018-1443

5.9MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
8 March 2018

Summary

An XML parsing vulnerability in IBM's SAML-based single sign-on (SSO) systems can enable an authenticated attacker to manipulate the SAML authentication process, potentially leading to unauthorized access as a different user without needing to know the victim's password. This flaw primarily affects IBM Security Access Manager (versions 9.0.0 to 9.0.4) and IBM Tivoli Federated Identity Manager (versions 6.0.2 to 6.2). For more information, refer to the IBM X-Force ID: 139754.

Affected Version(s)

Security Access Manager 9.0.0.1

Security Access Manager 9.0.0

Security Access Manager 9.0.1.0

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.