SAML Metadata Import Errors when Federation Metadata XML file is larger than 64KB

The following messages are observed at the logs: Mar 3 15:55:42 GMT LAB01ADC1 0-PPE-0 : default AAATM Message 1903432 0 : "Parsing sso url"Mar 3 15:55:42 GMT LAB01ADC1 0-PPE-0 : default AAATM Message 1903433 0 : "Parsing sso url"Mar 3 15:55:42 GMT LAB01ADC1 0-PPE-0 : default AAATM Message 1903434...

Security Bulletin: Tivoli Federated Identity Manager - Unprotected Management Console Servlets (CVE-2012-3315)

Abstract SUMMARY The management console used to administer Tivoli Federated Identity Manager contains servlets which are not all protected via a J2EE security constraint. These servlets could be used by an unauthenticated user to download certain resources from TFIM. Content VULNERABILITY DETAILS...

Security Bulletin: Tivoli Federated Identity Manager Business Gateway - Unprotected Management Console Servlets (CVE-2012-3315)

Abstract SUMMARY The management console used to administer Tivoli Federated Identity Manager Business Gateway contains servlets which are not all protected via a J2EE security constraint. These servlets could be used by an unauthenticated user to download certain resources from TFIMBG. Content...

Cross site request forgery (csrf)

The Java servlets in the management console in IBM Tivoli Federated Identity Manager TFIM through 6.2.2 and Tivoli Federated Identity Manager Business Gateway TFIMBG before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE securi...

CVE-2012-3315

The Java servlets in the management console in IBM Tivoli Federated Identity Manager TFIM through 6.2.2 and Tivoli Federated Identity Manager Business Gateway TFIMBG before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE securi...