Security Bulletin: Tivoli Federated Identity Manager - Unprotected Management Console Servlets (CVE-2012-3315)

Abstract SUMMARY The management console used to administer Tivoli Federated Identity Manager contains servlets which are not all protected via a J2EE security constraint. These servlets could be used by an unauthenticated user to download certain resources from TFIM. Content VULNERABILITY DETAILS...

Security Bulletin: Tivoli Federated Identity Manager Business Gateway - Unprotected Management Console Servlets (CVE-2012-3315)

Abstract SUMMARY The management console used to administer Tivoli Federated Identity Manager Business Gateway contains servlets which are not all protected via a J2EE security constraint. These servlets could be used by an unauthenticated user to download certain resources from TFIMBG. Content...

CVE-2012-3315

CVE-2012-3315 affects the IBM Tivoli Federated Identity Manager (TFIM) and TFIM Business Gateway management consoles. Java servlets allow downloading federation metadata and a web plugin configuration template without authentication, exposing sensitive information. Impact is limited to confidenti...