CVE-2018-1443

Name of the Vulnerable Software and Affected Versions IBM Security Access Manager versions 9.0.0 through 9.0.4 IBM Tivoli Federated Identity Manager versions 6.0.2 through 6.2

Description The issue is related to an XML parsing vulnerability in IBM SAML-based single sign-on systems. This vulnerability can be exploited by an attacker with authenticated access to trick the SAML system into authenticating as a different user without needing the victim user's password.

Recommendations For IBM Security Access Manager versions 9.0.0 through 9.0.4, update to a version outside of this range to resolve the issue. For IBM Tivoli Federated Identity Manager versions 6.0.2 through 6.2, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the SAML authentication system to minimize the risk of exploitation.