SAML Vulnerability VU475445

Document ID : KB000104045
Last Modified Date : 05/07/2018
Question:
We are using CA Federation Manager for our SAML-based SSO solution. The vulnerabilities below around SAML have been brought to our attention; do these affect CA Single Sign-On?
CVE-2017-11427 - OneLogin's "python-saml"
CVE-2017-11428 - OneLogin's "ruby-saml"
CVE-2017-11429 - Clever's "saml2-js"
CVE-2017-11430 - "OmniAuth-SAML"
CVE-2018-0489 - Shibboleth openSAML C++
CVE-2018-5387 - Wizkunde SAMLBase

Regards,
Akshat
Environment:
CA Single Sign-On R12.7
Answer:
CA published an advisory confirming that these vulnerabilities do not affect CA Single Sign-On:
https://support.ca.com/us/product-content/status/announcement-documents/2018/ca---proactive-notification---smplc---advisory---asmplc-100601.html

The CA Single Sign-On team has reviewed the information on the SAML federation vulnerability stemming from incorrect XML canonicalization and DOM traversal described here: https://www.kb.cert.org/vuls/id/475445.

Testing has demonstrated that CA Single Sign-On (including the product previously named CA Federation) is not affected by this vulnerability.
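The mechanism behind VU#475445 is the gap between what a signature covers and what a naive parser reads: XML canonicalization without comments (the form an XML signature is computed over) concatenates all text inside a NameID, whereas DOM traversal that reads only the first child text node stops at an interleaved comment. The following is an added regression check for a SAML consumer, written for this page and not code from CA, from the CERT advisory or from any of the libraries named in the question; the assertion XML and the user `jdoe@example.com` are constructed placeholders, and only the Python standard library is used (Python 3.8+ for `ElementTree.canonicalize`).

```python
"""Regression check for comment-split NameID handling (added example)."""
from xml.dom import minidom
from xml.etree import ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertions (signatures omitted); both carry the same
# canonical NameID text, but the second has an XML comment splitting it.
CLEAN_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
</saml:Assertion>"""

COMMENT_SPLIT_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:Subject><saml:NameID>jdoe<!-- note -->@example.com</saml:NameID></saml:Subject>
</saml:Assertion>"""


def _name_id_element(xml_text: str):
    """Locate exactly one saml:NameID element; anything else is malformed."""
    doc = minidom.parseString(xml_text)
    nodes = doc.getElementsByTagNameNS(SAML_NS, "NameID")
    if len(nodes) != 1:
        raise ValueError("expected exactly one NameID element")
    return nodes[0]


def naive_name_id(xml_text: str) -> str:
    """The fragile traversal: return only the first child text node.

    A comment inside NameID makes minidom create a second text node after
    the comment, so this function silently returns a truncated identity.
    """
    el = _name_id_element(xml_text)
    first = el.firstChild
    if first is None or first.nodeType != first.TEXT_NODE:
        return ""
    return first.data


def signed_form(xml_text: str) -> str:
    """C14N without comments: the representation a signature actually covers."""
    return ET.canonicalize(xml_data=xml_text, with_comments=False)


def safe_name_id(xml_text: str) -> str:
    """Hardened extraction: require text-only children and use all of them.

    Rejecting any comment or nested element keeps the extracted value
    identical to the text the canonical (signed) form carries.
    """
    el = _name_id_element(xml_text)
    if any(child.nodeType != child.TEXT_NODE for child in el.childNodes):
        raise ValueError("NameID has comment or element children; rejecting")
    return "".join(child.data for child in el.childNodes)


def comment_split_report(xml_text: str) -> dict:
    """Summarise how the two extraction strategies treat one assertion."""
    try:
        hardened = safe_name_id(xml_text)
    except ValueError:
        hardened = None  # rejected
    return {
        "naive": naive_name_id(xml_text),
        "hardened": hardened,
        "comment_in_signed_form": "<!--" in signed_form(xml_text),
    }


if __name__ == "__main__":
    # Same signed bytes, different answer from the naive parser.
    print(signed_form(CLEAN_ASSERTION) == signed_form(COMMENT_SPLIT_ASSERTION))
    print(comment_split_report(CLEAN_ASSERTION))
    print(comment_split_report(COMMENT_SPLIT_ASSERTION))
```

Run against a library's own parser, the useful property to assert is the last one: whatever value the consumer extracts must equal the NameID text in the canonical form the signature was verified over, and an element with mixed content should be rejected rather than truncated.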

If you need to subscribe to these notifications, you can do so by selecting the Single Sign-On notifications at the following link: https://support.ca.com/us/notifications-page.html