IBM Security Access Manager Appliance has addressed the following vulnerability.
CVEID: CVE-2018-1443
DESCRIPTION: An XML parsing vulnerability affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user's password.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139754> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected IBM Security Access Manager Appliance | Affected Versions
---|---
IBM Security Access Manager | 9.0.0 - 9.0.4
Product | VRMF | APAR | Remediation
---|---|---|---
IBM Security Access Manager | 9.0.0 - 9.0.4 | IJ04916 | Open a ticket with Level 2 Support using your standard method
None