Authentication Bypass in IBM Tivoli Federated Identity Manager and Business Gateway
CVE-2012-3315

Currently unrated

Key Information:

Vendor

IBM
Status
Tivoli Federated Identity Manager
Vendor
CVE Published:
8 November 2012

What is CVE-2012-3315?

The Java servlets within the management console of IBM Tivoli Federated Identity Manager and its Business Gateway prior to version 6.2.2 are susceptible to an authentication bypass vulnerability. This flaw enables remote attackers to circumvent J2EE security constraints, gaining unauthorized access to sensitive information, including federation metadata and web plugin configuration templates, through specially crafted requests. Proper authentication should be enforced to prevent unauthorized resource access and enhance overall security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827
vendor-advisoryx_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21615772
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21615770
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.