Vulnerability Alert

CVE-2021-3196 Attackers Can Impersonate Another User

Severity: Critical

CVE-2021-3196 Attackers Can Impersonate Another User

Bravura Security has identified a vulnerability where attackers can impersonate another user, including higher privilege levels.


When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker injects additional data into a signed SAML response being transmitted to the service provider (Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.

Affected Versions

The vulnerability affects versions 11.0.0 - 11.1.3, 12.0.0 - 12.0.2, and 12.1.0 when authentication is being done through a third-party SAML Identity Provider such as Okta, Azure, or SecureAuth.


If your Bravura Security Fabric solution authenticates via SAML with a third party service such as Okta, Azure, or SecureAuth, please check this knowledge base article for more information. The article contains details for requesting a patch from Bravura Security if a member of our team has not already been in contact with you on this topic. 


If you are not able to apply the recommended remediation we recommend you disable SAML integrations with third party Identity Providers and rely on built in authentication strategies.


Please contact if you have further questions on this topic.


Bravura Security would like to thank Michael Ellis for notifying us of this vulnerability.