Tivoli Federated Identity Manager Security Vulnerabilities and Issues — Tivoli Federated Identity Manager CVE List

Lucene search

IbmTivoli Federated Identity Manager

8 matches found

CVE•added 2011/08/12 5:55 p.m.•39 views

CVE-2009-5085

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions vi...

2.6CVSS6.2AI score0.00141EPSS

CVE•added 2011/08/12 5:55 p.m.•38 views

CVE-2011-3136

Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048.

10CVSS6.6AI score0.00469EPSS

CVE•added 2011/08/12 5:55 p.m.•36 views

CVE-2008-7299

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field.

5CVSS6.5AI score0.00225EPSS

CVE•added 2011/08/12 5:55 p.m.•36 views

CVE-2011-3138

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypa...

5CVSS6.5AI score0.00231EPSS

CVE•added 2011/08/12 5:55 p.m.•35 views

CVE-2011-3135

Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors.

10CVSS6.5AI score0.00516EPSS

CVE•added 2011/08/12 5:55 p.m.•34 views

CVE-2009-5083

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors.

6.8CVSS6.9AI score0.00216EPSS

CVE•added 2011/08/12 5:55 p.m.•32 views

CVE-2011-3137

10CVSS6.6AI score0.01334EPSS

CVE•added 2011/08/12 5:55 p.m.•28 views

CVE-2009-5084

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.

1.9CVSS5.7AI score0.00051EPSS