Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3315

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3315
Last Modified 18 Apr 2013 11:23:11
Published 08 Nov 2012 06:46:23
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3315

Summary

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.

Vulnerable Systems

Application

  • Ibm Tivoli Federated Identity Manager 6.1.1

  • Ibm Tivoli Federated Identity Manager 6.2.0

  • Ibm Tivoli Federated Identity Manager 6.2.0.1

  • Ibm Tivoli Federated Identity Manager 6.2.0.2

  • Ibm Tivoli Federated Identity Manager 6.2.0.3

  • Ibm Tivoli Federated Identity Manager 6.2.0.8

  • Ibm Tivoli Federated Identity Manager 6.2.0.9

  • Ibm Tivoli Federated Identity Manager 6.2.1

  • Ibm Tivoli Federated Identity Manager 6.2.2

  • Ibm Tivoli Federated Identity Manager Business Gateway 6.1.1

  • Ibm Tivoli Federated Identity Manager Business Gateway 6.2.0

  • Ibm Tivoli Federated Identity Manager Business Gateway 6.2.0.1

  • Ibm Tivoli Federated Identity Manager Business Gateway 6.2.0.2

  • Ibm Tivoli Federated Identity Manager Business Gateway 6.2.0.3

  • Ibm Tivoli Federated Identity Manager Business Gateway 6.2.0.8

  • Ibm Tivoli Federated Identity Manager Business Gateway 6.2.1


References

XF - tfim-mcs-unauth-access(77796)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21615772

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21615770

AIXAPAR - IV26827

AIXAPAR - IV26826

AIXAPAR - IV26825

SECUNIA - 51163


Last Updated: 27 May 2016 11:02:17