CVE-2021-3196 - OpenCVE

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitachi	Id Bravura Security Fabric

Configuration 1 [-]

OR	cpe:2.3:a:hitachi:id_bravura_security_fabric::::::::
	cpe:2.3:a:hitachi:id_bravura_security_fabric::::::::
	cpe:2.3:a:hitachi:id_bravura_security_fabric:12.1.0:::::::*

No data.

References

Link	Providers
https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user
https://www.hitachi.com/hirt/hitachi-sec/2021/601.html
https://www.hitachi.com/hirt/security/index.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-06-09T14:10:56

Updated: 2024-08-03T16:45:51.390Z

Reserved: 2021-01-21T00:00:00

Link: CVE-2021-3196

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-09T15:15:08.797

Modified: 2021-06-24T16:34:35.617

Link: CVE-2021-3196

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-09T14:10:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.hitachi.com/hirt/security/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3196", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.hitachi.com/hirt/security/index.html", "refsource": "MISC", "url": "https://www.hitachi.com/hirt/security/index.html"}, {"name": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html", "refsource": "CONFIRM", "url": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html"}, {"name": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user", "refsource": "CONFIRM", "url": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:45:51.390Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.hitachi.com/hirt/security/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3196", "datePublished": "2021-06-09T14:10:56", "dateReserved": "2021-01-21T00:00:00", "dateUpdated": "2024-08-03T16:45:51.390Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:id_bravura_security_fabric:*:*:*:*:*:*:*:*", "matchCriteriaId": "0833DD7B-9348-4D33-94C2-A232E3F6B2E3", "versionEndIncluding": "11.1.3", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:id_bravura_security_fabric:*:*:*:*:*:*:*:*", "matchCriteriaId": "253C33A7-DF3C-4175-8795-AAB1D70A6CE6", "versionEndIncluding": "12.0.2", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:id_bravura_security_fabric:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8167BAD5-DEB4-4DCC-9D43-3B67124F4FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Hitachi ID Bravura Security Fabric versiones 11.0.0 hasta 11.1.3, versiones 12.0.0 hasta 12.0.2 y versi\u00f3n 12.1.0. Cuando se usa la administraci\u00f3n de identidad federada (autenticando por medio de SAML mediante un proveedor de identidad de terceros), un atacante puede inyectar datos adicionales en una respuesta SAML firmada que ha sido transmitida al proveedor de servicios (ID Bravura Security Fabric). La aplicaci\u00f3n comprobada con \u00e9xito los valores firmados, pero usa los valores maliciosos sin firmar. Un atacante con acceso con privilegios m\u00e1s bajos a la aplicaci\u00f3n puede inyectar el nombre de usuario de un usuario con privilegios altos para hacerse pasar por ese usuario"}], "id": "CVE-2021-3196", "lastModified": "2021-06-24T16:34:35.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2021-06-09T15:15:08.797", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/hirt/security/index.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}