Improper input validation in Ibm Tivoli_federated_identity_manager

CVE-2012-3314

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-v…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (39.9th percentile) — read the EPSS interpretation.

Affected products

Ibm Tivoli_federated_identity_manager — versions 6.1.1, 6.2.0, 6.2.1
Ibm Tivoli_federated_identity_manager_business_gateway — versions 6.1.1, 6.2.0, 6.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

psirt@us.ibm.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
IV23435 (vendor-advisory, x_refsource_AIXAPAR)
IV23445 (vendor-advisory, x_refsource_AIXAPAR)
IV23442 (vendor-advisory, x_refsource_AIXAPAR)
IV23448 (vendor-advisory, x_refsource_AIXAPAR)
55732 (vdb-entry, x_refsource_BID)