5.9
CVE-2018-1443
- EPSS 0.06%
- Veröffentlicht 08.03.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:49
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginAn XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Security Access Manager Version >= 9.0.0 <= 9.0.4
Ibm ≫ Tivoli Federated Identity Manager Version6.2.0
Ibm ≫ Tivoli Federated Identity Manager Version6.2.1
Ibm ≫ Tivoli Federated Identity Manager Version6.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.188 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.5 | 3.4 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| psirt@us.ibm.com | 5.9 | 2.5 | 3.4 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.