Back to CVE Browser

CVE-2021-3196

HIGH

8.8

CVSS Severity Score

EPSS Score0.0630%

EPSS Percentile25.66th

PublishedJun 9, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.

Affected Platforms (CPE)

📦

Hitachi

Id Bravura Security Fabric

>= 11.0.0 and <= 11.1.3

📦

Hitachi

Id Bravura Security Fabric

>= 12.0.0 and <= 12.0.2

📦

Hitachi

Id Bravura Security Fabric

= 12.1.0

References & Advisories

🔗 https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user

🔗 https://www.hitachi.com/hirt/hitachi-sec/2021/601.html

🔗 https://www.hitachi.com/hirt/security/index.html

🔗 https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user

🔗 https://www.hitachi.com/hirt/hitachi-sec/2021/601.html

🔗 https://www.hitachi.com/hirt/security/index.html

Related Vulnerabilities

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...