Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2279

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2013-2279
Last Modified 22 Mar 2013 11:16:01
Published 21 Mar 2013 01:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-2279

Summary

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.

Vulnerable Systems

Application

  • Siteminder Agent For Sharepoint 2010

  • Siteminder Federation 12.0

  • Siteminder Federation 12.0 -

  • Siteminder Federation 12.1 -

  • Siteminder Federation 12.5

  • Siteminder Federation R6.0

  • Siteminder For Secure Proxy Server 12.0

  • Siteminder For Secure Proxy Server 12.5

  • Siteminder For Secure Proxy Server 6.0


References

BID - 58609

SECUNIA - 52610

BUGTRAQ - 20130319 CA20130319-01: Security Notice for SiteMinder products using SAML

CONFIRM - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5}


Last Updated: 27 May 2016 11:02:07