CVE-2013-2279

CA SiteMinder Federation and Agent for SharePoint - XML Signature Spoofing via SAML Statement

Title source: llm
STIX 2.1

Description

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52610
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-03/0118.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58609

Scores

EPSS 0.0153
EPSS Percentile 71.7%

Details

CWE
CWE-20
Status published
Products (8)
siteminder_agent_for_sharepoint/2010
siteminder_federation/12.0 (2 CPE variants)
siteminder_federation/12.1
siteminder_federation/12.5
siteminder_federation/r6.0
siteminder_for_secure_proxy_server/12.0
siteminder_for_secure_proxy_server/12.5
siteminder_for_secure_proxy_server/6.0
Published Mar 21, 2013
Tracked Since Feb 18, 2026