Access Manager Identity Server and SAML vulnerability CVE-2018-0486 and CERT Vulnerability Note VU#475445

  • 7022691
  • 28-Feb-2018
  • 04-Apr-2018

Environment

Access Manager 4.3
Access Manager 4.4
Access Manager Identity Server
CERT Vulnerability Note VU#475445
CVE-2018-0486

Situation

Duo Security recently disclosed a vulnerability affecting several SAML service provider (SP) implementations, documented at https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations. The affected implementations mishandled XML comments inside signed assertion values such as NameID, which allowed an authenticated user to change the identity asserted to the SP without invalidating the assertion's signature. The issue was published as CERT Vulnerability Note VU#475445 and CVE-2018-0486.
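To illustrate the class of bug Duo reported, the following is an added example using only Python's standard library; it is not Access Manager code, and this page does not state which specific case the Access Manager hotfixes address. The attacker holds a legitimate account (here the constructed name user@example.com.evil.com) and splices an empty XML comment into the signed NameID. Canonicalization without comments, which is what xmldsig normally signs, yields the same bytes for both versions, so the signature still verifies; an SP that then reads only the first text node under NameID sees user@example.com instead. The assertion fragment and account names are constructed for the demonstration.

```python
"""NameID XML-comment handling, the class of issue behind VU#475445.

Added illustration, not code from Access Manager or from Duo. The SAML
fragment and the account names below are constructed for the demo.
"""
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize

# Constructed Subject fragment as the identity provider signed it. The
# attacker legitimately owns this account.
LEGIT = (
    '<Subject xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<NameID>user@example.com.evil.com</NameID>'
    '</Subject>'
)

# The same fragment after the attacker inserts an empty XML comment into
# the NameID text. No signed byte changes once comments are dropped.
TAMPERED = (
    '<Subject xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<NameID>user@example.com<!---->.evil.com</NameID>'
    '</Subject>'
)


def c14n(xml_text: str) -> str:
    """Canonical form with comments removed.

    Python implements C14N 2.0; SAML signatures normally use Exclusive
    C14N 1.0. Both drop comments unless the with-comments variant is
    chosen, which is the property the attack relies on.
    """
    return canonicalize(xml_text, with_comments=False)


def naive_name_id(xml_text: str) -> str:
    """Vulnerable pattern: return only the first text node under NameID.

    With a comment spliced into the value, the DOM holds
    Text("user@example.com"), Comment(""), Text(".evil.com"), so this
    returns a different principal than the one the IdP asserted.
    """
    doc = minidom.parseString(xml_text)
    name_id = doc.getElementsByTagName("NameID")[0]
    return name_id.firstChild.data


def strict_name_id(xml_text: str) -> str:
    """Hardened pattern: reject any non-text child, then join all text.

    Rejecting is preferable to silently concatenating, because a comment
    inside a NameID is never produced by a well-behaved IdP.
    """
    doc = minidom.parseString(xml_text)
    name_id = doc.getElementsByTagName("NameID")[0]
    for child in name_id.childNodes:
        if child.nodeType != child.TEXT_NODE:
            raise ValueError(
                f"unexpected {child.nodeName} node inside NameID"
            )
    return "".join(child.data for child in name_id.childNodes)


if __name__ == "__main__":
    print("signed bytes identical:", c14n(LEGIT) == c14n(TAMPERED))
    print("naive SP, legit:    ", naive_name_id(LEGIT))
    print("naive SP, tampered: ", naive_name_id(TAMPERED))
    print("strict SP, legit:   ", strict_name_id(LEGIT))
    try:
        strict_name_id(TAMPERED)
    except ValueError as exc:
        print("strict SP, tampered: rejected:", exc)
```

Running the block prints that the canonical forms are identical while the naive extraction returns two different principals; the strict variant accepts the untampered value and rejects the spliced one. Signature verification itself is deliberately left out, since it is the unchanged canonical bytes, not the signature code, that make this attack possible.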

Is Access Manager impacted by this vulnerability?

Resolution

Our original testing for CVE-2018-0486 indicated that Access Manager was not exposed, but extended follow-up testing found a case in which it may be susceptible. Apply Access Manager 4.3.3 HF1 or 4.4.1 HF1 to address CVE-2018-0486.

It is strongly recommended that administrators keep up to date with patches and security updates to avoid vulnerabilities in general.

Status

Security Alert