Tivoli Federated Identity Manager Business Gateway Security Vulnerabilities and Issues — Tivoli Federated Identity Manager Business Gateway CVE List

Lucene search

IbmTivoli Federated Identity Manager Business Gateway

10 matches found

CVE•added 2013/11/01 2:55 a.m.•45 views

CVE-2013-5431

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attacke...

5.8CVSS6.7AI score0.00509EPSS

CVE•added 2013/05/02 6:55 p.m.•40 views

CVE-2013-0582

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to in...

4.3CVSS5.6AI score0.00256EPSS

CVE•added 2011/08/12 5:55 p.m.•38 views

CVE-2011-3136

Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048.

10CVSS6.6AI score0.00469EPSS

CVE•added 2012/01/04 3:55 a.m.•37 views

CVE-2011-1386

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization require...

4.3CVSS7AI score0.00192EPSS

CVE•added 2011/08/12 5:55 p.m.•36 views

CVE-2011-3138

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypa...

5CVSS6.5AI score0.00231EPSS

CVE•added 2011/08/12 5:55 p.m.•35 views

CVE-2011-3135

Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors.

10CVSS6.5AI score0.00516EPSS

CVE•added 2012/10/02 9:55 p.m.•35 views

CVE-2012-3314

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned eleme...

5.8CVSS6.7AI score0.00183EPSS

CVE•added 2013/01/18 9:55 p.m.•34 views

CVE-2012-6359

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed...

4.3CVSS6.4AI score0.00515EPSS

CVE•added 2011/08/12 5:55 p.m.•32 views

CVE-2011-3137

10CVSS6.6AI score0.01334EPSS

CVE•added 2012/11/08 11:46 a.m.•32 views

CVE-2012-3315

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE secu...

5CVSS6.6AI score0.00405EPSS