Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-6359
Last Modified: 10 Apr 2013 12:00:00
Published: 18 Jan 2013 04:55:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-6359

Summary

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes.

Vulnerable Systems

Application

  • IBM Tivoli Federated Identity Manager 6.2.0

  • IBM Tivoli Federated Identity Manager 6.2.0.1

  • IBM Tivoli Federated Identity Manager 6.2.0.10

  • IBM Tivoli Federated Identity Manager 6.2.0.2

  • IBM Tivoli Federated Identity Manager 6.2.0.3

  • IBM Tivoli Federated Identity Manager 6.2.0.8

  • IBM Tivoli Federated Identity Manager 6.2.0.9

  • IBM Tivoli Federated Identity Manager 6.2.1

  • IBM Tivoli Federated Identity Manager 6.2.1.1

  • IBM Tivoli Federated Identity Manager 6.2.1.2

  • IBM Tivoli Federated Identity Manager 6.2.2

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0.1

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0.10

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0.2

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0.3

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0.8

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.0.9

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.1

  • IBM Tivoli Federated Identity Manager Business Gateway 6.2.2


References

XF - tfim-openid-weak-security(77790)

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21615748

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21615744

AIXAPAR - IV23453

AIXAPAR - IV23452

AIXAPAR - IV23451

BID - 56390

SECUNIA - 51212


Last Updated: 27 May 2016 11:01:42