IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure attribute in the encrypted session (SSL) cookie.
CVEID: CVE-2017-1319
DESCRIPTION: IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure attribute in the encrypted session (SSL) cookie.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125731 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Tivoli Federated Identity Manager 6.2.2
IBM Tivoli Federated Identity Manager 6.2.1
IBM Tivoli Federated Identity Manager 6.2.0
IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.
Product | VRMF | APAR | Remediation |
---|---|---|---|
IBM Tivoli Federated Identity Manager | 6.2.2 | IV95733 | Apply fixpack 6.2.2-TIV-TFIM-FP0017. |
IBM Tivoli Federated Identity Manager | 6.2.1 | N/A | Customers will need to upgrade to Tivoli Federated Identity Manager 6.2.2.17. |
IBM Tivoli Federated Identity Manager | 6.2.0 | N/A | Customers will need to upgrade to Tivoli Federated Identity Manager 6.2.2.17. |
None
CPE name | Operator | Version |
---|---|---|
tivoli federated identity manager | eq | 6.2 |
tivoli federated identity manager | eq | 6.2.1 |
tivoli federated identity manager | eq | 6.2.2 |