4 matches found
Security Bulletin: Tivoli Federated Identity Manager - Multiple Protocol XML signature validation bypass (CVE-2012-3314)
Abstract: Tivoli Federated Identity Manager (TFIM) accepts specially crafted messages that can contain invalid or untrusted XML signatures for certain single sign-on protocols and token modules. TFIM could mistakenly accept a malicious message, allowing an attacker to perform actions as another user...
Security Bulletin: Tivoli Federated Identity Manager Business Gateway - Multiple Protocol XML signature validation bypass (CVE-2012-3314)
Abstract: Tivoli Federated Identity Manager (TFIM) accepts specially crafted messages that can contain invalid or untrusted XML signatures for certain single sign-on protocols and token modules. TFIM could mistakenly accept a malicious message, allowing an attacker to perform actions as another user...
IBM Tivoli Federated Identity Manager XML Signature Validation Bypass
The version of IBM Tivoli Federated Identity Manager installed on the remote Windows host is affected by a signature validation bypass vulnerability due to improper validation of XML signatures related to certain single sign-on protocols and token modules. A remote, unauthenticated attacker can...
CVE-2012-3314
CVE-2012-3314 affects IBM Tivoli Federated Identity Manager (TFIM) and TFIM Business Gateway (TFIMBG) versions 6.1.1, 6.2.0, 6.2.1, and 6.2.2. The IBM advisories describe three related issues that can lead to a crafted message being accepted and a session created, enabling an attacker to imperson...