QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-1443

Back to search

CVE-2018-1443

Published: Mar 8, 2018

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.0

5.9

MEDIUM

Description

An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.

VendorProductVersions

IBM

Security Access Manager

affected
9.0.0.1
affected
9.0.0
affected
9.0.1.0
affected
9.0.2.0
affected
9.0.2.1

+3 more versions

IBM

Tivoli Federated Identity Manager

affected
6.2.1
affected
6.2
affected
6.2.2

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/A:L/AC:L/AV:L/C:L/I:L/PR:N/S:U/UI:N

Availability

Low

Attack Complexity

Low

Attack Vector

Local

Confidentiality

Low

Integrity

Low

Privileges Required

None

Scope

Unchanged

User Interaction

None

References

1040454
vdb-entry
x_refsource_SECTRACK
1040455
vdb-entry
x_refsource_SECTRACK
103365
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now