XML Parsing Vulnerability in IBM SAML-Based Single Sign-On Systems
CVE-2018-1443
5.9MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 8 March 2018
Summary
An XML parsing vulnerability in IBM's SAML-based single sign-on (SSO) systems can enable an authenticated attacker to manipulate the SAML authentication process, potentially leading to unauthorized access as a different user without needing to know the victim's password. This flaw primarily affects IBM Security Access Manager (versions 9.0.0 to 9.0.4) and IBM Tivoli Federated Identity Manager (versions 6.0.2 to 6.2). For more information, refer to the IBM X-Force ID: 139754.
Affected Version(s)
Security Access Manager 9.0.0.1
Security Access Manager 9.0.0
Security Access Manager 9.0.1.0
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved