|Number of vulnerabilities||1|
|CVE ID||CVE-2018-1443|
|Public exploit||Not available|
|Vulnerable software||IBM Tivoli Federated Identity Manager|
|Vulnerable software versions||IBM Tivoli Federated Identity Manager 6.2.2, 6.2.1, 6.2.0|
|Vendor URL||IBM Corporation|
The vulnerability allows a remote authenticated attacker to perform an XXE attack and bypass security restrictions.
The vulnerability exists in SAML-based single sign-on (SSO) systems due to improper handling of XML External Entity (XXE) entries when parsing an XML file. A remote attacker can trick SAML systems into authenticating as a different user without knowledge of the victim user's password and bypass security restrictions to perform further attacks.
Install the update from the vendor's website.