Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-1386
Last Modified 04 Jan 2012 12:22:16
Published 03 Jan 2012 10:55:09
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1386

Summary

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.

Vulnerable Systems

Application

  • IBM Tivoli Federated Identity Manager 6.1.1

  • IBM Tivoli Federated Identity Manager 6.2.0

  • IBM Tivoli Federated Identity Manager 6.2.1

  • IBM Tivoli Federated Identity Manager Business Gateway 6.1.1

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.1


References

XF - tfim-saml-weak-security(71686)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21575309

AIXAPAR - IV10813

AIXAPAR - IV10801

AIXAPAR - IV10793


Last Updated: 27 May 2016 10:57:18