CVE-2013-2279

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-03/0118.html
http://secunia.com/advisories/52610	Vendor Advisory
http://www.securityfocus.com/bid/58609
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5%7D

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siteminder_agent_for_sharepoint:2010::::::::
	cpe:2.3:a:siteminder_federation:12.0::::::::
	cpe:2.3:a:siteminder_federation:12.0:-:standalone::::::
	cpe:2.3:a:siteminder_federation:12.1:-:standalone::::::
	cpe:2.3:a:siteminder_federation:12.5::::::::
	cpe:2.3:a:siteminder_federation:r6.0::::::::
	cpe:2.3:a:siteminder_for_secure_proxy_server:12.0::::::::
	cpe:2.3:a:siteminder_for_secure_proxy_server:12.5::::::::
	cpe:2.3:a:siteminder_for_secure_proxy_server:6.0::::::::

History

No history.

Information

Published : 2013-03-21 17:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-2279

Mitre link : CVE-2013-2279

CVE.ORG link : CVE-2013-2279

JSON object : View

Products Affected

siteminder_federation

12.0
12.1
r6.0
12.5

siteminder_for_secure_proxy_server

12.5
6.0
12.0

siteminder_agent_for_sharepoint

2010

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-2279", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-03-21T17:55:03.397", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0118.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/52610", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/58609", "source": "cve@mitre.org"}, {"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5%7D", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges."}, {"lang": "es", "value": "CA SiteMinder Federation (FSS) v12.5, v12.0, y r6, y Federation (Standalone) v12.1 y 12.0; Agente para SharePoint v2010 y SiteMinder para Secure Proxy Server v6.0, v12.0, y v12.5 no verifica correctamente las firmas XML para declaraciones SAML, lo que permite atacantes remotos para suplantar a otros usuarios y ganar privilegios."}], "lastModified": "2023-11-07T02:15:00.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siteminder_agent_for_sharepoint:2010:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F694844-8413-4D9B-8C76-9D4B927E641F"}, {"criteria": "cpe:2.3:a:siteminder_federation:12.0:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B0A201A-7C3A-490A-8797-161243C1431E"}, {"criteria": "cpe:2.3:a:siteminder_federation:12.0:-:standalone:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1458D051-2E50-47C3-B6C1-95398B735AC9"}, {"criteria": "cpe:2.3:a:siteminder_federation:12.1:-:standalone:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66AD0800-9038-4AE4-9BE0-F8BD88AEC020"}, {"criteria": "cpe:2.3:a:siteminder_federation:12.5:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E65402C-C28E-465F-BF1F-D5BD00E07B94"}, {"criteria": "cpe:2.3:a:siteminder_federation:r6.0:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D837682C-E673-4614-A148-FCA72810AB57"}, {"criteria": "cpe:2.3:a:siteminder_for_secure_proxy_server:12.0:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16E308F5-8742-4331-9714-3AF327FA6FAA"}, {"criteria": "cpe:2.3:a:siteminder_for_secure_proxy_server:12.5:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BB791DA-CF53-4901-BE45-7C240B7EC4F6"}, {"criteria": "cpe:2.3:a:siteminder_for_secure_proxy_server:6.0:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E437A99-9539-4F2D-9117-608B9A89434B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}