Session Establishment Vulnerability in IBM Tivoli Federated Identity Manager
CVE-2012-3314

Currently unrated

Key Information:

Vendor

IBM
Status
Tivoli Federated Identity Manager
Vendor
CVE Published:
2 October 2012

What is CVE-2012-3314?

IBM Tivoli Federated Identity Manager and Business Gateway versions 6.1.1 through 6.2.2 have a vulnerability that allows remote attackers to create sessions by sending crafted messages. This is facilitated through a signature-validation bypass for SAML messages with unsigned elements, improper validation of XML messages, or a failure to validate the certificate chain for XML signature elements that include the signing certificate, potentially leading to unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www-01.ibm.com/support/docview.wss?uid=swg21612612
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IV23435
vendor-advisoryx_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg1IV23445
vendor-advisoryx_refsource_AIXAPAR

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.