Spoofing Vulnerability in IBM Tivoli Federated Identity Manager
CVE-2008-7299

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 12 August 2011

Summary

IBM Tivoli Federated Identity Manager versions prior to 6.2.0.2 are vulnerable because of an incomplete implementation of the SAML 1.x browser-artifact mechanism. The flaw allows malicious remote OpenID providers to spoof assertions by manipulating the Issuer field, potentially compromising the integrity of the federated identity management solution. Organizations running affected versions should apply the relevant updates immediately and mitigate the associated risks.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
