PT-2013-3637 · Microsoft+1 · Sharepoint Server+3

Published

2013-03-21

Updated

2018-08-13

CVE-2013-2279

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CA SiteMinder Federation (FSS) versions 12.0 through 12.5 CA SiteMinder Federation (Standalone) versions 12.0 through 12.1 CA Agent for SharePoint 2010 CA SiteMinder for Secure Proxy Server versions 6.0 through 12.5

Description The issue concerns the improper verification of XML signatures for SAML statements, allowing remote attackers to spoof other users and gain privileges.

Recommendations For CA SiteMinder Federation (FSS) versions 12.0 through 12.5, update the software to properly verify XML signatures. For CA SiteMinder Federation (Standalone) versions 12.0 through 12.1, update the software to properly verify XML signatures. For CA Agent for SharePoint 2010, update the software to properly verify XML signatures. For CA SiteMinder for Secure Proxy Server versions 6.0 through 12.5, update the software to properly verify XML signatures.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-2279

Affected Products

Ca Agent For Sharepoint

Ca Siteminder Federation

Ca Siteminder For Secure Proxy Server

Sharepoint Server

PT-2013-3637 · Microsoft+1 · Sharepoint Server+3

CVE-2013-2279

Weakness Enumeration

Related Identifiers

Affected Products

References · 5