SAML Vulnerability VU475445

Article ID: 104045

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

We are using CA Federation Manager for our SAML-based SSO solution. The vulnerabilities below around SAML have been brought to our attention; do these affect CA Single Sign-On?
CVE-2017-11427 - OneLogin's "python-saml"
CVE-2017-11428 - OneLogin's "ruby-saml"
CVE-2017-11429 - Clever's "saml2-js"
CVE-2017-11430 - "OmniAuth-SAML"
CVE-2018-0489 - Shibboleth openSAML C++
CVE-2018-5387 - Wizkunde SAMLBase

Regards,
Akshat

Environment

CA Single Sign-On R12.7

Resolution

CA published an advisory confirming that these vulnerabilities do not affect CA Single Sign-On:
https://support.ca.com/us/product-content/status/announcement-documents/2018/ca---proactive-notification---smplc---advisory---asmplc-100601.html

The CA Single Sign-On team has reviewed the information related to the SAML federation vulnerability stemming from incorrect XML canonicalization and DOM traversal described here: https://www.kb.cert.org/vuls/id/475445.

The results of testing have demonstrated that CA Single Sign-On (including the product previously named CA Federation) is not affected by this vulnerability.

If you need to subscribe to these notifications, you can do so by selecting the Single Sign-On notifications at the following link: https://support.ca.com/us/notifications-page.html