Vulnerability in Ibm Tivoli_federated_identity_manager
CVE-2011-1386
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attacker…
EPSS: 0.002 (41.0th percentile) — read the EPSS interpretation.
Affected products
- Ibm Tivoli_federated_identity_manager — versions 6.1.1, 6.2.0, 6.2.1
- Ibm Tivoli_federated_identity_manager_business_gateway — versions 6.1.1, 6.2.0, 6.2.1
- N/a — versions n/a
Weakness classification (CWE)
References
- IV10813 (vendor-advisory, x_refsource_AIXAPAR)
- tfim-saml-weak-security(71686) (vdb-entry, x_refsource_XF)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- IV10793 (vendor-advisory, Patch, x_refsource_AIXAPAR, Vendor Advisory)
- IV10801 (vendor-advisory, x_refsource_AIXAPAR)