What is the severity of CVE-2013-2279?

CVE-2013-2279 has a critical severity rating as it allows attackers to spoof users through improper verification of XML signatures in SAML statements.

How do I fix CVE-2013-2279?

To fix CVE-2013-2279, update to the latest version of CA SiteMinder Federation or the affected agent products that implement proper XML signature verification.

Which versions are affected by CVE-2013-2279?

CVE-2013-2279 affects CA SiteMinder Federation versions 12.5, 12.0, 12.1, and r6, as well as SharePoint 2010 Agent and Secure Proxy Server versions 6.0, 12.0, and 12.5.

What are the implications of CVE-2013-2279?

CVE-2013-2279 allows remote attackers to impersonate users, potentially leading to unauthorized access to sensitive information.

Is there a workaround for CVE-2013-2279?

There is no official workaround for CVE-2013-2279; the recommended action is to apply the security updates provided by the vendor.

Vulnerability/
CVE-2013-2279

high

7.5

CWE

21/3/2013

13/8/2018

CVE-2013-2279: Input Validation

First published: Thu Mar 21 2013(Updated: )

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Siteminder Agent For SharePoint 2010
CA SSO / SiteMinder Federation
CA SSO / SiteMinder Federation	=standalone
Broadcom CA SiteMinder Federation 12.1	=standalone
CA SiteMinder
CA SiteMinder
CA SiteMinder for Secure Proxy Server
CA SiteMinder
CA SiteMinder

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2279?
CVE-2013-2279 has a critical severity rating as it allows attackers to spoof users through improper verification of XML signatures in SAML statements.
How do I fix CVE-2013-2279?
To fix CVE-2013-2279, update to the latest version of CA SiteMinder Federation or the affected agent products that implement proper XML signature verification.
Which versions are affected by CVE-2013-2279?
CVE-2013-2279 affects CA SiteMinder Federation versions 12.5, 12.0, 12.1, and r6, as well as SharePoint 2010 Agent and Secure Proxy Server versions 6.0, 12.0, and 12.5.
What are the implications of CVE-2013-2279?
CVE-2013-2279 allows remote attackers to impersonate users, potentially leading to unauthorized access to sensitive information.
Is there a workaround for CVE-2013-2279?
There is no official workaround for CVE-2013-2279; the recommended action is to apply the security updates provided by the vendor.

agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/author
agent/severity
agent/weakness
agent/tags
agent/description
agent/softwarecombine
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/siteminder agent for sharepoint
canonical/siteminder agent for sharepoint 2010
vendor/siteminder federation
canonical/ca sso / siteminder federation
version/ca sso / siteminder federation/standalone
canonical/broadcom ca siteminder federation 12.1
version/broadcom ca siteminder federation 12.1/standalone
canonical/ca siteminder
vendor/siteminder for secure proxy server
canonical/ca siteminder for secure proxy server

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.