OpenID Trust Bypass Vulnerability in IBM Tivoli Federated Identity Manager
CVE-2009-5085

Currently unrated

Key Information:

Vendor: IBM

CVE Published: 12 August 2011

What is CVE-2009-5085?

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie when a user removes a relying-party trust entry. This oversight allows remote attackers, with user assistance, to bypass trust restrictions intended to secure the authentication process, potentially exposing sensitive user data and credentials.

