IBM Tivoli Federated Identity Manager has addressed the following vulnerability:
CVEID: CVE-2018-1443
DESCRIPTION: An XML parsing vulnerability affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user's password.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139754> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| Affected IBM Security Access Manager Appliance | Affected Versions |
|---|---|
| IBM Tivoli Federated Identity Manager | 6.2, 6.2.1, 6.2.2 |

| Product | VRMF | APAR | Remediation |
|---|---|---|---|
| IBM Tivoli Federated Identity Manager | 6.2, 6.2.1, 6.2.2 | IJ04891 | Open a ticket with Level 2 Support using your standard method |
None