CVE-2013-2279

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
siteminder_agent_for_sharepoint2010
*
siteminder_federation12.0
*
siteminder_federation12.0
-
siteminder_federation12.1
-
siteminder_federation12.5
*
siteminder_federationr6.0
*
siteminder_for_secure_proxy_server12.0
*
siteminder_for_secure_proxy_server12.5
*
siteminder_for_secure_proxy_server6.0
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-03/0118.html
http://secunia.com/advisories/52610
http://www.securityfocus.com/bid/58609
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5%7D
http://archives.neohapsis.com/archives/bugtraq/2013-03/0118.html
http://secunia.com/advisories/52610
http://www.securityfocus.com/bid/58609
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5%7D