Page 3 of 20 results (0.020 seconds)

CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate. IBM Tivoli Federated Identity Manager (TFIM) y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.1.1, v6.2.0, v6.2.1, y v6.2.2 permite atacantes remotos establecer sesiones a través de un mensaje que aprovecha (1) para evitar una validación de firma que para mensajes SAML que contienen elementos no firmados, (2) validación incorrecta de mensajes XML, o (3) evitar la validación de una cadena de certificados de un elemento XML firmado que contiene la firma del certificado. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV23435 http://www-01.ibm.com/support/docview.wss?uid=swg1IV23442 http://www-01.ibm.com/support/docview.wss?uid=swg1IV23445 http://www-01.ibm.com/support/docview.wss?uid=swg1IV23448 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature. IBM Tivoli Federated Identity Manager (TFIM) y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.1.1, v6.2.0, y v6.2.1, no manejan adecuadamente las validaciones de firmas basadas en SAML v1.0, v1.1, y v2.0, lo que permite a atacantes remotos evitar las restricciones de acceso o requisitos de autorización a través de una firma SAML no conforme. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV10793 http://www-01.ibm.com/support/docview.wss?uid=swg1IV10801 http://www-01.ibm.com/support/docview.wss?uid=swg1IV10813 http://www.ibm.com/support/docview.wss?uid=swg21575309 https://exchange.xforce.ibmcloud.com/vulnerabilities/71686 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page. IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.2, cuando se configura como un proveedor de OpenID, no borra la cookie de información en respuesta a la eliminacion de un usuario de una entidad de confianza, lo que permite que un atacante eluda las restricciones de confianza mediante vectores que producen la falta de autenticación de la página • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44555 http://www.ibm.com/support/docview.wss?uid=swg24029497 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0

Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048. Vulnerabilidad no especificada en la consola de administración de IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior v6.2.0.9 y Tivoli Federated Identity Business Gateway Manager (TFIMBG) v6.2.0 anterior a v6.2.0.9 tiene un impacto y un vector de ataque desconocido, también conocido como APAR IV03048. • http://secunia.com/advisories/45555 http://www-01.ibm.com/support/docview.wss?uid=swg1IV03048 http://www.ibm.com/support/docview.wss?uid=swg24029497 http://www.ibm.com/support/docview.wss?uid=swg24029498 •

CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0

Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050. Vulnerabilidad no especificada en Management Console en IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.9 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.2.0 anterior a v6.2.0.9 tiene un impacto desconocido y vectores de ataque, también conocido como APAR IV03050. • http://secunia.com/advisories/45555 http://www-01.ibm.com/support/docview.wss?uid=swg1IV03050 http://www.ibm.com/support/docview.wss?uid=swg24029497 http://www.ibm.com/support/docview.wss?uid=swg24029498 https://exchange.xforce.ibmcloud.com/vulnerabilities/69203 https://exchange.xforce.ibmcloud.com/vulnerabilities/69204 •