History: Jun 16, 2018 - 10:05 p.m.

Security Bulletin: IBM Security Access Manager Appliance is affected by a Security Assertion Markup Language (SAML)-based single sign-on (SSO) systems vulnerability (CVE-2018-1443)

2018-06-16 22:05:56
www.ibm.com

EPSS: 0.002

Percentile: 51.7%

Summary

IBM Security Access Manager Appliance has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2018-1443
DESCRIPTION: An XML parsing vulnerability affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user's password.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139754> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected IBM Security Access Manager Appliance | Affected Versions
---|---
IBM Security Access Manager | 9.0.0 - 9.0.4

Remediation/Fixes

Product | VRMF | APAR | Remediation
---|---|---|---
IBM Security Access Manager | 9.0.0 - 9.0.4 | IJ04916 | Open a ticket with Level 2 Support using your standard method

Workarounds and Mitigations

None
