Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2012-3314
Last Modified: 31 Jan 2013 11:49:16
Published: 02 Oct 2012 05:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3314

Summary

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate.

Vulnerable Systems

Application

  • IBM Tivoli Federated Identity Manager 6.1.1
  • IBM Tivoli Federated Identity Manager 6.2.0
  • IBM Tivoli Federated Identity Manager 6.2.1
  • IBM Tivoli Federated Identity Manager 6.2.2
  • IBM Tivoli Federated Identity Manager Business Gateway 6.1.1
  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0
  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.1
  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.2


References

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21612612

AIXAPAR - IV23448

AIXAPAR - IV23445

AIXAPAR - IV23442

AIXAPAR - IV23435

BID - 55732


Last Updated: 27 May 2016 11:00:50