Updated: February 27, 2018
Statement Date: February 27, 2018
Not Affected
We have tested against the vulnerability and determined that our SAML SSO product is not affected.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 23, 2018 Updated: February 28, 2018
Statement Date: February 27, 2018
Not Affected
Box is not affected by VU#475445 and has provided guidance to customers on our community site here: https://community.box.com/t5/Box-Product-News/Recently-reported-SAML-vulnerabilities-What-you-need-to-know-as/ba-p/52403
We are not aware of further vendor information regarding this vulnerability.
Updated: March 07, 2018
Statement Date: March 06, 2018
Not Affected
"The results of testing have concluded that CA Single Sign-On, and the previously named CA Federation, is not affected by this vulnerability."
We are not aware of further vendor information regarding this vulnerability.
Notified: February 23, 2018 Updated: June 05, 2018
Statement Date: March 01, 2018
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
Cisco AnyConnect and ASA and FTD software are not vulnerable.
Notified: January 24, 2018 Updated: February 26, 2018
Statement Date: February 24, 2018
Affected
No statement is currently available from the vendor regarding this vulnerability.
Both the 1.x and 2.x versions are affected. A patch is available for both versions.
Updated: February 28, 2018
Statement Date: February 28, 2018
Not Affected
We have tested for this vulnerability and have determined that none of our SAML products are affected.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 24, 2018 Updated: January 24, 2018
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Updated: February 28, 2018
Statement Date: December 19, 2017
Affected
No statement is currently available from the vendor regarding this vulnerability.
Duo Network Gateway (DNG) is affected and assigned CVE-2018-7340.
Notified: January 24, 2018 Updated: February 28, 2018
Statement Date: February 28, 2018
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
Entr'ouvert develops the lasso C library that implements SAML2. Entr'ouvert has determined lasso is not affected by this vulnerability.
Updated: March 07, 2018
Statement Date: March 07, 2018
Not Affected
"ForgeRock has carefully assessed our implementations of SAML 1.x, SAML2, OAuth2 SAML2 Grant, WS-Federation and the Java Fedlet, and determined that we are not affected by this vulnerability."
We are not aware of further vendor information regarding this vulnerability.
Notified: January 24, 2018 Updated: March 01, 2018
Statement Date: February 28, 2018
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
Neither GitHub nor GitHub Enterprise are affected by this vulnerability.
Notified: March 02, 2018 Updated: March 02, 2018
Unknown
No statement is currently available from the vendor regarding this vulnerability.
Notified: February 23, 2018 Updated: March 01, 2018
Statement Date: February 28, 2018
Not Affected
Google Cloud / G Suite's SAML single sign-on for managed Google accounts using third party Identity Providers
We are not aware of further vendor information regarding this vulnerability.
Notified: February 23, 2018 Updated: March 02, 2018
Statement Date: March 02, 2018
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
Microsoft Azure Active Directory (AAS) and Microsoft Windows Server Active Directory Federation Services (ADFS) are not affected.
Notified: January 29, 2018 Updated: February 27, 2018
Statement Date: February 15, 2018
Not Affected
Okta was made aware of the vulnerability before the public disclosure and immediately undertook a thorough code review and patched. Okta is not vulnerable, and we don't have any indication that the vulnerability was exploited in our systems.
Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud enables organizations to secure and manage their extended enterprise and transform their customers’ experiences. With over 5,000 pre-built integrations to applications, infrastructure and devices, Okta customers can easily and securely adopt the technologies they need to fulfill their missions.
Notified: January 24, 2018 Updated: February 06, 2018
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 24, 2018 Updated: February 27, 2018
Statement Date: February 27, 2018
Affected
Refer to the vendor's official notice.
Refer to the vendor's official notice.
Specific patch commits:
ruby-saml https://github.com/onelogin/ruby-saml/releases/tag/v1.7.0
python-saml https://github.com/onelogin/python-saml/releases/tag/v2.4.0
python3-saml https://github.com/onelogin/python3-saml/releases/tag/v1.4.0
Updated: February 28, 2018
Statement Date: February 28, 2018
Not Affected
Ping Identity products (PingFederate, PingOne) have been verified and found to be Not Affected by VU#475445.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 24, 2018 Updated: February 28, 2018
Statement Date: February 28, 2018
Not Affected
The Pivotal, Spring and Cloud Foundry teams have determined that the UAA project and Spring Security SAML are not exposed to this vulnerability and therefore do not require any upgrades.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 28, 2018
Affected
All Pulse Secure products were evaluated and the following products are known to be vulnerable to this issue:
· All supported versions of Pulse Connect Secure with SAML authentication server configured as Service Provider
· Pulse WorkSpace with SAML enabled
· Pulse One with Enterprise (SAML) SSO enabled on the admin login
· vTM 17.4 (Only) with a virtual server configured for SAML authentication.
For a list of supported software versions, please refer to our EOL policy. All other Pulse Secure products (not listed above) were determined as not vulnerable.
We are not aware of further vendor information regarding this vulnerability.
Notified: March 16, 2018 Updated: March 19, 2018
Statement Date: March 19, 2018
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Notified: January 24, 2018 Updated: March 14, 2018
Affected
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Updated: March 02, 2018
Statement Date: March 02, 2018
Unknown
We have tested for this vulnerability and have determined that the SAML functionality and processing is not affected by VU#475445.
We are not aware of further vendor information regarding this vulnerability.
Updated: May 18, 2018
Statement Date: May 16, 2018
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
Tools4ever utilizes an unaffected SAML library.
Updated: March 07, 2018
Statement Date: March 06, 2018
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The following products have been determined to be unaffected:
· VMware vCenter Server
· VMware Identity Manager
· VMware Cloud Director
Updated: April 05, 2018
Statement Date: April 03, 2018
Affected
We were notified about this bug on Monday 3-4-2018 and immediately took action to fix the ability to exploit this in implementations of our library. The patch is written in this commit: https://github.com/Wizkunde/SAMLBase/commit/482cdf8c090e0f1179073034ebcb609ac7c3f5b3
Wizkunde SAMLBase prior to version 1.2.7 is affected; the issue was addressed in version 1.2.7. CVE-2018-5387 has been assigned.