Boletines de Vulnerabilidades

IBM Security Bulletin: OpenSAML XML information disclosure (CVE-2013-6440)

Información sobre el sistema
   
Software afectado IBM

Descripción
p dir="ltr"> A version of OpenSAML shipped with Cúram could allow a remote authenticated attacker to obtain sensitive information. Customers that use opensaml.jar to secure web services may be affected. CVE(s): CVE-2013-6440 Affected product(s) and affected version(s): Cúram Social Program Management All products are affected when running code releases 6.0 SP2, 6.0.3.0, 6.0.4.0, 6.0.4.3, 6.0.4.4, 6.0.4.5, 6.0.5.2, 6.0.5.3, 6.0.5.4. Refer to the following

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_opensaml_xml_information_disclosure_cve_2013_6440?lang=en_us

Identificadores estándar
Propiedad Valor
CVE CVE-2013-6440 ,CVE-2013-4032 ,CVE-2013-4033 ,CVE-2014-3042 and CVE-2014-0160.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2014-06-11

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT