How severe is CVE-2021-3196?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-3196?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2021-3196 - HIGH Severity | CVSS 8.8

Vulnerability Description

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.

Related Vulnerabilities

CVE-2013-3900

HIGH

CVSS:8.8(High)

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingChe...

CWE-3472013

CVE-2015-3298

HIGH

CVSS:8.8(High)

Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.

CWE-3472015

CVE-2018-16515

HIGH

CVSS:8.8(High)

Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.

CWE-3472018

CVE-2018-6664

HIGH

CVSS:8.8(High)

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass th...

CWE-3472018

CVE-2019-3465

HIGH

CVSS:8.8(High)

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attac...

CWE-3472019

CVE-2020-13593

HIGH

CVSS:8.8(High)

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection...

CWE-3472020