CVE-2021-3196
First published: Wed Jun 09 2021(Updated: )
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachi ID Bravura Security Fabric | >=11.0.0<=11.1.3 | |
| Hitachi ID Bravura Security Fabric | >=12.0.0<=12.0.2 | |
| Hitachi ID Bravura Security Fabric | =12.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/hitachi
- canonical/hitachi id bravura security fabric
- version/hitachi id bravura security fabric/11.0.0
- version/hitachi id bravura security fabric/11.1.3
- version/hitachi id bravura security fabric/12.0.0
- version/hitachi id bravura security fabric/12.0.2
- version/hitachi id bravura security fabric/12.1.0