Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-3138
Last Modified: 06 Sep 2011 11:18:09
Published: 12 Aug 2011 01:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-3138

Summary

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety.

Vulnerable Systems

Application

  • IBM Tivoli Federated Identity Manager 6.2.0
  • IBM Tivoli Federated Identity Manager 6.2.0.1
  • IBM Tivoli Federated Identity Manager 6.2.0.2
  • IBM Tivoli Federated Identity Manager 6.2.0.3
  • IBM Tivoli Federated Identity Manager 6.2.0.8
  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0
  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0.1
  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0.2
  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0.3
  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0.8


References

XF - ibm-tfim-security-bypass(69198)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg24029498

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg24029497

AIXAPAR - IV01318


Last Updated: 27 May 2016 10:57:14