Page 2 of 11 results (0.002 seconds)
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2012-3314
https://notcve.org/view.php?id=CVE-2012-3314
02 Oct 2012 — IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate. IBM Tivoli Federated Identity Manager (TFIM) y Tivoli... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV23435 • CWE-20: Improper Input Validation •