First published: Wed Jan 04 2012
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Tivoli Federated Identity Manager Business Gateway | =6.2.0 | |
IBM Tivoli Federated Identity Manager | =6.2.0 | |
IBM Tivoli Federated Identity Manager | =6.1.1 | |
IBM Tivoli Federated Identity Manager Business Gateway | =6.1.1 | |
IBM Tivoli Federated Identity Manager | =6.2.1 | |
IBM Tivoli Federated Identity Manager Business Gateway | =6.2.1 | |