Access Manager Identity Server and SAML vulnerability CVE-2018-0486 and Cert Vulnerability Note VU#475445

  • 7022691
  • 28-Feb-2018
  • 04-Apr-2018


Access Manager 4.3
Access Manager 4.4
Access Manager Identity Server
Cert Vulnerability Note VU#475445


Duo recently uncovered a SAML vulnerability that impacts SAML service providers, documented at This was reported as Cert Vulnerability Note VU#475445 and CVE-2018-0486, and impacts a number of SAML SPs.

Is Access Manager impacted by this vulnerability?


While our original testing for CVE-2018-0486 indicated that we were not exposed, our extended follow-up testing discovered a case in which we may be susceptible. Apply 4.3.3 HF1 or 4.4.1 HF1 to address CVE-2018-0486.

It is strongly recommended that administrators keep up to date with patches and security updates to avoid vulnerabilities in general.


Security Alert