Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Hitachi ID Bravura Security Fabric 数据伪造问题漏洞
Vulnerability Description
Hitachi ID Bravura Security Fabric是日立(Hitachi)的一个独特的,强大的框架和平台,将Hitachi ID Bravura的所有层,包括身份,特权,通行证和组加上威胁检测层。 Hitachi ID Bravura Security Fabric存在数据伪造问题漏洞,该漏洞源于在ID Bravura Security Fabric使用联合身份管理时未正确限制来自不同授权角色的资源访问。利用该漏洞具有较低权限访问权限的攻击者可以注入高权限用户的用户名来模拟该用户。
CVSS Information
N/A
Vulnerability Type
N/A