CVE-2013-2279
Last modified
CVE-2013-2279 is a vulnerability of currently unknown severity. CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.. EPSS estimates a 1.53% chance of exploitation in the next 30 days.
Description
CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Siteminder Agent For Sharepoint | 2010 | All versions | — |
| Siteminder Federation | 12.0 | All versions | — |
| Siteminder Federation | 12.1 | All versions | Standalone |
| Siteminder Federation | 12.5 | All versions | — |
| Siteminder Federation | R6.0 | All versions | — |
| Siteminder For Secure Proxy Server | 12.0 | All versions | — |
| Siteminder For Secure Proxy Server | 12.5 | All versions | — |
| Siteminder For Secure Proxy Server | 6.0 | All versions | — |
References
- http://secunia.com/advisories/52610Vendor Advisory
- http://secunia.com/advisories/52610Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-2279?
How severe is CVE-2013-2279?
How do I fix CVE-2013-2279?
Are you affected by CVE-2013-2279?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST