|Number of vulnerabilities||1|
|CVE ID||CVE-2018-1443|
|CWE ID||CWE-611|
|Public exploit||Not available|
|Vulnerable software||Security Access Manager|
|Vulnerable software versions||Security Access Manager 9.0.4, 9.0.3, 9.0.2, 9.0.1, 9.0.0|
|Vendor URL||IBM Corporation|
The vulnerability allows a remote authenticated attacker to perform an XXE attack and bypass security restrictions.
The vulnerability exists in SAML-based single sign-on (SSO) systems due to improper handling of XML External Entity (XXE) entries when parsing an XML file. A remote attacker can trick SAML systems into authenticating as a different user without knowledge of the victim user's password and bypass security restrictions to perform further attacks.
Install the update from the vendor's website.
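The weakness described above (CWE-611) is an XML parser that still accepts a DTD when it consumes a SAML assertion. The following is an added example, not IBM's or Security Access Manager's code: it shows the defender-side check a SAML service provider can run on a decoded assertion before it reaches the application parser, refusing any DOCTYPE, entity declaration or external entity reference so that no entity is ever expanded into the NameID. It uses only the Python standard library (expat and ElementTree); the two assertions are constructed sample inputs, and the SAML 2.0 assertion namespace is the real one.

```python
# Hardened SAML assertion pre-parse (added example; not IBM's code).
# Refuse any DOCTYPE / entity before the document reaches the
# application's XML parser, so an XXE payload is never expanded.
from xml.parsers import expat
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


class UnsafeXMLError(ValueError):
    """Raised when the XML carries a DTD, an entity or an external reference."""


def reject_dtd(xml_bytes: bytes) -> None:
    """Walk the document with a bare expat parser whose DTD-related
    handlers abort immediately. An exception raised inside an expat
    handler propagates out of Parse(), so the first DOCTYPE stops us
    before any internal or external (SYSTEM) entity is even declared."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE '{name}' rejected")

    def on_entity_decl(*_):
        raise UnsafeXMLError("entity declaration rejected")

    def on_external_ref(context, base, sysid, pubid):
        raise UnsafeXMLError(f"external entity reference {sysid!r} rejected")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    # Never load parameter entities from an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.Parse(xml_bytes, True)


def parse_assertion(xml_bytes: bytes) -> dict:
    """Return {"accepted", "name_id", "reason"} for a decoded assertion.
    Only DTD-free, well-formed documents with a non-empty NameID are
    accepted. Signature verification, audience and time checks that a
    real SAML consumer must also perform are outside this example."""
    try:
        reject_dtd(xml_bytes)
        root = ET.fromstring(xml_bytes)
    except UnsafeXMLError as exc:
        return {"accepted": False, "name_id": None, "reason": str(exc)}
    except (expat.ExpatError, ET.ParseError) as exc:
        return {"accepted": False, "name_id": None, "reason": f"malformed XML: {exc}"}

    node = root.find(f".//{{{SAML_NS}}}NameID")
    name_id = (node.text or "").strip() if node is not None else ""
    if not name_id:
        return {"accepted": False, "name_id": None, "reason": "no NameID"}
    return {"accepted": True, "name_id": name_id, "reason": "ok"}


# Constructed sample: a minimal, well-formed assertion for "alice".
BENIGN_ASSERTION = (
    b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    b"<saml:Subject><saml:NameID>alice@example.com</saml:NameID>"
    b"</saml:Subject></saml:Assertion>"
)

# Constructed sample: the same assertion preceded by a DTD whose entity
# would be substituted into the NameID. The DOCTYPE is refused outright,
# so it never matters what the entity points at.
DTD_ASSERTION = (
    b'<!DOCTYPE saml:Assertion [<!ENTITY who "mallory@example.com">]>'
    b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    b"<saml:Subject><saml:NameID>&who;</saml:NameID>"
    b"</saml:Subject></saml:Assertion>"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_ASSERTION), ("dtd", DTD_ASSERTION)):
        print(label, parse_assertion(doc))
```

Rejecting the DTD as a whole, rather than trying to filter individual entity declarations, is the same policy libraries such as defusedxml apply; it closes the internal-entity and external-entity cases together and keeps the check independent of whatever parser the application uses afterwards.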