Jun 16, 2018 - 10:05 p.m.

Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a Security Assertion Markup Language (SAML)-based single sign-on (SSO) systems vulnerability (CVE-2018-1443)

2018-06-16 22:05:56
www.ibm.com

EPSS: 0.002 (Percentile: 51.7%)

Summary

IBM Tivoli Federated Identity Manager has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2018-1443
DESCRIPTION: An XML parsing vulnerability affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user's password.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139754> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected IBM Security Access Manager Appliance | Affected Versions
---|---
IBM Tivoli Federated Identity Manager | 6.2, 6.2.1, 6.2.2

Remediation/Fixes

Product | VRMF | APAR | Remediation
---|---|---|---
IBM Tivoli Federated Identity Manager | 6.2, 6.2.1, 6.2.2 | IJ04891 | Open a ticket with Level 2 Support using your standard method

Workarounds and Mitigations

None
