Tivoli Federated Identity Manager Security Vulnerabilities and Issues — Tivoli Federated Identity Manager CVE List

Lucene search

IbmTivoli Federated Identity Manager

7 matches found

CVE•added 2013/11/01 2:55 a.m.•45 views

CVE-2013-5431

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attacke...

5.8CVSS6.7AI score0.00509EPSS

CVE•added 2018/03/08 4:29 p.m.•45 views

CVE-2018-1443

An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a diffe...

5.9CVSS5.4AI score0.00061EPSS

CVE•added 2017/05/22 8:29 p.m.•40 views

CVE-2017-1320

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732.

5.4CVSS5.1AI score0.00258EPSS

CVE•added 2011/08/12 5:55 p.m.•36 views

CVE-2008-7299

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field.

5CVSS6.5AI score0.00225EPSS

CVE•added 2011/08/12 5:55 p.m.•36 views

CVE-2011-3138

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypa...

5CVSS6.5AI score0.00231EPSS

CVE•added 2012/10/02 9:55 p.m.•35 views

CVE-2012-3314

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned eleme...

5.8CVSS6.7AI score0.00183EPSS

CVE•added 2012/11/08 11:46 a.m.•32 views

CVE-2012-3315

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE secu...

5CVSS6.6AI score0.00405EPSS