CVE-2011-1386

Currently unrated

Key Information:

Vendor: IBM
Status: Tivoli Federated Identity Manager Business Gateway; Tivoli Federated Identity Manager
Vendor: CVE Published:; 4 January 2012

Summary

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV10813

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/71686

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=swg21575309

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 4, 2012
Vulnerability Reserved
Mar 10, 2011