Vulnerability in IBM Tivoli Federated Identity Manager Affecting SAML Signature Validations
CVE-2011-1386

Currently unrated

Summary

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) versions 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validation for the SAML protocols (versions 1.0, 1.1, and 2.0). A remote attacker could use a non-compliant SAML signature to circumvent authentication or authorization mechanisms, potentially leading to unauthorized access and data breaches.
