{"id": "CVE-2021-3196", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-06-09T15:15:08.797", "references": [{"url": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.hitachi.com/hirt/security/index.html", "tags": ["Vendor Advisory"], "source": 
"cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Hitachi ID Bravura Security Fabric versiones 11.0.0 hasta 11.1.3, versiones 12.0.0 hasta 12.0.2 y versi\u00f3n 12.1.0. Cuando se usa la administraci\u00f3n de identidad federada (autenticando por medio de SAML mediante un proveedor de identidad de terceros), un atacante puede inyectar datos adicionales en una respuesta SAML firmada que ha sido transmitida al proveedor de servicios (ID Bravura Security Fabric). La aplicaci\u00f3n comprobada con \u00e9xito los valores firmados, pero usa los valores maliciosos sin firmar. 
Un atacante con acceso con privilegios m\u00e1s bajos a la aplicaci\u00f3n puede inyectar el nombre de usuario de un usuario con privilegios altos para hacerse pasar por ese usuario"}], "lastModified": "2021-06-24T16:34:35.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:id_bravura_security_fabric:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0833DD7B-9348-4D33-94C2-A232E3F6B2E3", "versionEndIncluding": "11.1.3", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:hitachi:id_bravura_security_fabric:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "253C33A7-DF3C-4175-8795-AAB1D70A6CE6", "versionEndIncluding": "12.0.2", "versionStartIncluding": "12.0.0"}, {"criteria": "cpe:2.3:a:hitachi:id_bravura_security_fabric:12.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8167BAD5-DEB4-4DCC-9D43-3B67124F4FED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}