CVE-2013-2279
Published Mar 21, 2013
Last updated a year ago
Overview
- Description
- CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siteminder_agent_for_sharepoint:2010:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F694844-8413-4D9B-8C76-9D4B927E641F"
},
{
"criteria": "cpe:2.3:a:siteminder_federation:12.0:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B0A201A-7C3A-490A-8797-161243C1431E"
},
{
"criteria": "cpe:2.3:a:siteminder_federation:12.0:-:standalone:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1458D051-2E50-47C3-B6C1-95398B735AC9"
},
{
"criteria": "cpe:2.3:a:siteminder_federation:12.1:-:standalone:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66AD0800-9038-4AE4-9BE0-F8BD88AEC020"
},
{
"criteria": "cpe:2.3:a:siteminder_federation:12.5:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E65402C-C28E-465F-BF1F-D5BD00E07B94"
},
{
"criteria": "cpe:2.3:a:siteminder_federation:r6.0:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D837682C-E673-4614-A148-FCA72810AB57"
},
{
"criteria": "cpe:2.3:a:siteminder_for_secure_proxy_server:12.0:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16E308F5-8742-4331-9714-3AF327FA6FAA"
},
{
"criteria": "cpe:2.3:a:siteminder_for_secure_proxy_server:12.5:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BB791DA-CF53-4901-BE45-7C240B7EC4F6"
},
{
"criteria": "cpe:2.3:a:siteminder_for_secure_proxy_server:6.0:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E437A99-9539-4F2D-9117-608B9A89434B"
}
],
"operator": "OR"
}
]
}
]