Input validation

2012-10-0221:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.1%

JSON

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate.

CPENameOperatorVersion
tivoli_federated_identity_managereq6.2.0
tivoli_federated_identity_managereq6.1.1
tivoli_federated_identity_managereq6.2.2
tivoli_federated_identity_managereq6.2.1
tivoli_federated_identity_manager_business_gatewayeq6.2.2
tivoli_federated_identity_manager_business_gatewayeq6.2.0
tivoli_federated_identity_manager_business_gatewayeq6.1.1
tivoli_federated_identity_manager_business_gatewayeq6.2.1

Name	Operator	Version
tivoli_federated_identity_manager	eq	6.2.0
tivoli_federated_identity_manager	eq	6.1.1
tivoli_federated_identity_manager	eq	6.2.2
tivoli_federated_identity_manager	eq	6.2.1
tivoli_federated_identity_manager_business_gateway	eq	6.2.2
tivoli_federated_identity_manager_business_gateway	eq	6.2.0
tivoli_federated_identity_manager_business_gateway	eq	6.1.1
tivoli_federated_identity_manager_business_gateway	eq	6.2.1