Medium severity5.9NVD Advisory· Published Mar 8, 2018· Updated Jun 17, 2026

CVE-2018-1443

Description

An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim users password. IBM X-Force ID: 139754.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

IBM/IBM Security Access Managerllm-create
Range: 9.0.0 - 9.0.4
IBM/Tivoli Federated Identity Managerllm-fuzzy2 versions
6.2 - 6.0.2+ 1 more
- (no CPE)range: 6.2 - 6.0.2
- (no CPE)range: 6.2.1
IBM/Security Access Manager For Web 8.0 Firmwarecpe-rescue
Range: 9.0.0.1

Patches

Vulnerability mechanics

References

www.ibm.com/support/docview.wssnvdVendor Advisory
www.ibm.com/support/docview.wssnvdVendor Advisory
www.securityfocus.com/bid/103365nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1040454nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1040455nvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/139754nvdVDB EntryVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000