Authentication flaw

2012-01-0403:55:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.

CPENameOperatorVersion
tivoli_federated_identity_managereq6.2.0
tivoli_federated_identity_managereq6.1.1
tivoli_federated_identity_managereq6.2.1
tivoli_federated_identity_manager_business_gatewayeq6.2.0
tivoli_federated_identity_manager_business_gatewayeq6.1.1
tivoli_federated_identity_manager_business_gatewayeq6.2.1

Name	Operator	Version
tivoli_federated_identity_manager	eq	6.2.0
tivoli_federated_identity_manager	eq	6.1.1
tivoli_federated_identity_manager	eq	6.2.1
tivoli_federated_identity_manager_business_gateway	eq	6.2.0
tivoli_federated_identity_manager_business_gateway	eq	6.1.1
tivoli_federated_identity_manager_business_gateway	eq	6.2.1