Authentication Bypass in IBM Tivoli Federated Identity Manager and Business Gateway
CVE-2012-3315

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 8 November 2012

Summary

The Java servlets within the management console of IBM Tivoli Federated Identity Manager and its Business Gateway prior to version 6.2.2 are susceptible to an authentication bypass vulnerability. This flaw enables remote attackers to circumvent J2EE security constraints, gaining unauthorized access to sensitive information, including federation metadata and web plugin configuration templates, through specially crafted requests. Proper authentication should be enforced to prevent unauthorized resource access and enhance overall security.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
