CVE-2018-1443
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
51.7%
An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | security_access_manager | * | cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:* |
| ibm | tivoli_federated_identity_manager | 6.2.0 | cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0:*:*:*:*:*:*:* |
| ibm | tivoli_federated_identity_manager | 6.2.1 | cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1:*:*:*:*:*:*:* |
| ibm | tivoli_federated_identity_manager | 6.2.2 | cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
Confidence
High
EPSS
Percentile
51.7%