IBM1DEB1C6F960D4B80BF3DF529EA87CDF08FE21101EFF272D1A2D0D19400501195Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a missing secure attribute in the encrypted session (SSL) cookie (CVE-2017-1319)
0.001 Low
EPSS
Percentile
49.2%
Summary
IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie.
Vulnerability Details
CVEID: CVE-2017-1319**
DESCRIPTION:** IBM Tivoli Federated Identity Manager is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125731 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM Tivoli Federated Identity Manager 6.2.2
IBM Tivoli Federated Identity Manager 6.2.1
IBM Tivoli Federated Identity Manager 6.2.0
Remediation/Fixes
IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.
| Product | VRMF | APAR | Remediation |
|---|---|---|---|
| IBM Tivoli Federated Identity Manager | 6.2.2 | IV95733 | Apply fixpack 6.2.2-TIV-TFIM-FP0017. |
| IBM Tivoli Federated Identity Manager | 6.2.1 | N/A | Customers will need to upgrade to Tivoli Federated Identity Manager 6.2.2.17. |
| IBM Tivoli Federated Identity Manager | 6.2.0 | N/A | Customers will need to upgrade to Tivoli Federated Identity Manager 6.2.2.17. |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| tivoli federated identity manager | eq | 6.2 | |
| tivoli federated identity manager | eq | 6.2.1 | |
| tivoli federated identity manager | eq | 6.2.2 |
Related
0.001 Low
EPSS
Percentile
49.2%