What is the severity of CVE-2021-3196?

CVE-2021-3196 is classified as a high-severity vulnerability due to the potential for impersonation of users.

How do I fix CVE-2021-3196?

To mitigate CVE-2021-3196, update Hitachi ID Bravura Security Fabric to version 12.1.0 or later.

Which versions of Hitachi ID Bravura Security Fabric are affected by CVE-2021-3196?

CVE-2021-3196 affects versions 11.0.0 to 11.1.3 and 12.0.0 to 12.0.2, including 12.1.0.

Is there a workaround for CVE-2021-3196 if I cannot immediately upgrade?

Currently, the best solution for CVE-2021-3196 is to upgrade to the latest version of Hitachi ID Bravura Security Fabric, as no specific workaround is provided.

Vulnerability/
CVE-2021-3196

high

8.8

CWE

347

9/6/2021

3/8/2024

CVE-2021-3196

Q: What type of attack does CVE-2021-3196 enable?

CVE-2021-3196 allows attackers to inject additional data into a signed SAML response, enabling user impersonation.

First published: Wed Jun 09 2021(Updated: )

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Hitachi ID Bravura Security Fabric	>=11.0.0<=11.1.3
Hitachi ID Bravura Security Fabric	>=12.0.0<=12.0.2
Hitachi ID Bravura Security Fabric	=12.1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-3196?
CVE-2021-3196 is classified as a high-severity vulnerability due to the potential for impersonation of users.
How do I fix CVE-2021-3196?
To mitigate CVE-2021-3196, update Hitachi ID Bravura Security Fabric to version 12.1.0 or later.
Which versions of Hitachi ID Bravura Security Fabric are affected by CVE-2021-3196?
CVE-2021-3196 affects versions 11.0.0 to 11.1.3 and 12.0.0 to 12.0.2, including 12.1.0.
What type of attack does CVE-2021-3196 enable?
CVE-2021-3196 allows attackers to inject additional data into a signed SAML response, enabling user impersonation.
Is there a workaround for CVE-2021-3196 if I cannot immediately upgrade?
Currently, the best solution for CVE-2021-3196 is to upgrade to the latest version of Hitachi ID Bravura Security Fabric, as no specific workaround is provided.

agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/weakness
agent/last-modified-date
agent/author
agent/type
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/hitachi
canonical/hitachi id bravura security fabric
version/hitachi id bravura security fabric/11.0.0
version/hitachi id bravura security fabric/11.1.3
version/hitachi id bravura security fabric/12.0.0
version/hitachi id bravura security fabric/12.0.2
version/hitachi id bravura security fabric/12.1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.