CVE-2021-3196

{"id": "CVE-2021-3196", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-06-09T15:15:08.797", "references": [{"url": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.hitachi.com/hirt/security/index.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.hitachi.com/hirt/security/index.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Hitachi ID Bravura Security Fabric versiones 11.0.0 hasta 11.1.3, versiones 12.0.0 hasta 12.0.2 y versi\u00f3n 12.1.0. Cuando se usa la administraci\u00f3n de identidad federada (autenticando por medio de SAML mediante un proveedor de identidad de terceros), un atacante puede inyectar datos adicionales en una respuesta SAML firmada que ha sido transmitida al proveedor de servicios (ID Bravura Security Fabric). La aplicaci\u00f3n comprobada con \u00e9xito los valores firmados, pero usa los valores maliciosos sin firmar. Un atacante con acceso con privilegios m\u00e1s bajos a la aplicaci\u00f3n puede inyectar el nombre de usuario de un usuario con privilegios altos para hacerse pasar por ese usuario"}], "lastModified": "2024-11-21T06:21:07.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:id_bravura_security_fabric:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0833DD7B-9348-4D33-94C2-A232E3F6B2E3", "versionEndIncluding": "11.1.3", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:hitachi:id_bravura_security_fabric:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "253C33A7-DF3C-4175-8795-AAB1D70A6CE6", "versionEndIncluding": "12.0.2", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:hitachi:id_bravura_security_fabric:12.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8167BAD5-DEB4-4DCC-9D43-3B67124F4FED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}