CVE-2013-2279

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-2279
CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2013-03/0118.html
http://secunia.com/advisories/52610 Vendor Advisory
http://www.securityfocus.com/bid/58609
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5%7D
http://archives.neohapsis.com/archives/bugtraq/2013-03/0118.html
http://secunia.com/advisories/52610 Vendor Advisory
http://www.securityfocus.com/bid/58609
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5%7D
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siteminder_agent_for_sharepoint:2010:*:*:*:*:*:*:*:*
cpe:2.3:a:siteminder_federation:12.0:*:*:*:*:*:*:*:*
cpe:2.3:a:siteminder_federation:12.0:-:standalone:*:*:*:*:*:*
cpe:2.3:a:siteminder_federation:12.1:-:standalone:*:*:*:*:*:*
cpe:2.3:a:siteminder_federation:12.5:*:*:*:*:*:*:*:*
cpe:2.3:a:siteminder_federation:r6.0:*:*:*:*:*:*:*:*
cpe:2.3:a:siteminder_for_secure_proxy_server:12.0:*:*:*:*:*:*:*:*
cpe:2.3:a:siteminder_for_secure_proxy_server:12.5:*:*:*:*:*:*:*:*
cpe:2.3:a:siteminder_for_secure_proxy_server:6.0:*:*:*:*:*:*:*:*
History

21 Nov 2024, 01:51

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2013-03/0118.html - () http://archives.neohapsis.com/archives/bugtraq/2013-03/0118.html -
References () http://secunia.com/advisories/52610 - Vendor Advisory () http://secunia.com/advisories/52610 - Vendor Advisory
References () http://www.securityfocus.com/bid/58609 - () http://www.securityfocus.com/bid/58609 -
References () https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5%7D - () https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5%7D -

07 Nov 2023, 02:15

Type Values Removed Values Added
References
  • {'url': 'https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5}', 'name': 'https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5}', 'tags': ['Broken Link'], 'refsource': 'CONFIRM'}
  • () https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B53E50CBD-6F6A-4B3A-85FF-36E44ABED8D5%7D -
Information

Published : 2013-03-21 17:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-2279

Mitre link : CVE-2013-2279

CVE.ORG link : CVE-2013-2279

JSON object : View

Products Affected

siteminder_agent_for_sharepoint

  • 2010

siteminder_federation

  • 12.1
  • r6.0
  • 12.0
  • 12.5

siteminder_for_secure_proxy_server

  • 12.0
  • 12.5
  • 6.0
CWE
CWE-20

Improper Input Validation