Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7299

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-7299
Last Modified 12 Aug 2011 12:00:00
Published 12 Aug 2011 01:55:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7299

Summary

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field.

Vulnerable Systems

Application

  • Ibm Tivoli Federated Identity Manager 6.2.0

  • Ibm Tivoli Federated Identity Manager 6.2.0.1


References

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg24029497

AIXAPAR - IZ35742


Last Updated: 27 May 2016 10:49:32