1. Home
  2. CVE Database
  3. CVE-2013-2279
HIGH · 7.5

CVE-2013-2279

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify...

Vulnerability Description

CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain privileges.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
Siteminder Agent For Sharepoint2010All versions
Siteminder Federation12.0All versions
Siteminder Federation12.1-
Siteminder Federation12.5All versions
Siteminder FederationR6.0All versions
Siteminder For Secure Proxy Server12.0All versions
Siteminder For Secure Proxy Server12.5All versions
Siteminder For Secure Proxy Server6.0All versions

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2013-2279?

CVE-2013-2279 is a vulnerability with a CVSS score of 7.5 (HIGH). CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify...

How severe is CVE-2013-2279?

CVE-2013-2279 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2279?

Check the references section above for vendor advisories and patch information. Affected products include: Siteminder Agent For Sharepoint 2010, Siteminder Federation 12.0, Siteminder Federation 12.1, Siteminder Federation 12.5, Siteminder Federation R6.0.