CA Single Sign-On team has reviewed information related to the SAML federation vulnerability stemming from incorrect XML canonicalization and DOM traversal described here: https://www.kb.cert.org/vuls/id/475445.
The results of testing have demonstrated that CA Single Sign-On, and the previously named CA Federation, is not affected by this vulnerability.
If you need to subscribe to these notifications, you can do it by selecting the Single Sign-On notifications at the following link: https://support.ca.com/us/notifications-page.html