CVE-2018-1443

Опубликовано: 08 мар. 2018

Источник: nvd

CVSS3: 5.9

CVSS2: 4.6

EPSS Низкий

Описание

An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22014160
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22014161
Vendor Advisory
http://www.securityfocus.com/bid/103365
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040454
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040455
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/139754
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22014160
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22014161
Vendor Advisory
http://www.securityfocus.com/bid/103365
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040454
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040455
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/139754
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*

Версия от 9.0.0 (включая) до 9.0.4 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00061

Низкий

5.9 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-6cj6-68x7-f44g