ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
SAML Vulnerability VU475445
Article ID: 104045
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
We are using CA Federation Manager for our SAML based SSO solution, it has been brought to our attention below vulnerabilities around SAML, does these affect CA Single Sign.On?
CVE-2017-11427 - OneLogin’s "python-saml"
CVE-2017-11428 - OneLogin’s "ruby-saml"
CVE-2017-11429 - Clever’s "saml2-js"
CVE-2017-11430 - "OmniAuth-SAML"
CVE-2018-0489 - Shibboleth openSAML C++
CVE-2018-5387 - Wizkunde SAMLBase Regards Akshat
Environment
CA Single Sign-On R12.7
Resolution
CA published an advisory confirming that these vulnerabilities does not affect CA Single Sign-On:
https://support.ca.com/us/product-content/status/announcement-documents/2018/ca---proactive-notification---smplc---advisory---asmplc-100601.html
https://support.ca.com/us/product-content/status/announcement-documents/2018/ca---proactive-notification---smplc---advisory---asmplc-100601.html
CA Single Sign-On team has reviewed information related to the SAML federation vulnerability stemming from incorrect XML canonicalization and DOM traversal described here: https://www.kb.cert.org/vuls/id/475445.
The results of testing have demonstrated that CA Single Sign-On, and the previously named CA Federation, is not affected by this vulnerability.
If you need to subscribe to these notifications, you can do it by selecting the Single Sign-On notifications at the following link: https://support.ca.com/us/notifications-page.htmlFeedback
Yes
No
Powered by
