CVE-2018-1443

Summary

An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.

Affected Software

VendorProductVersion RangeStatus
IBMSecurity Access Manager9.0.0.1affected
IBMSecurity Access Manager9.0.0affected
IBMSecurity Access Manager9.0.1.0affected
IBMSecurity Access Manager9.0.2.0affected
IBMSecurity Access Manager9.0.2.1affected
IBMSecurity Access Manager9.0.3affected
IBMSecurity Access Manager9.0.3.1affected
IBMSecurity Access Manager9.0.4affected
IBMTivoli Federated Identity Manager6.2.1affected
IBMTivoli Federated Identity Manager6.2affected
IBMTivoli Federated Identity Manager6.2.2affected

Weaknesses

  • Gain Privileges

ADP Enrichment

CVE Program Container

Additional References

References