CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-7299
https://notcve.org/view.php?id=CVE-2008-7299
12 Aug 2011 — IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field. IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 anterior a v6.2.0.2 utiliza un avegador artefacto (browser-artifact) SAML 1.x, que permite a los proveedores de OpenID falsificar aserciones mediante vectores relacionados con el campo Issuer • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ35742 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-5083
https://notcve.org/view.php?id=CVE-2009-5083
12 Aug 2011 — IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors. IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.2 cuando es configurado en una entidad de confianza OpenID, no desarrolla un rechazo de registro hasta recibir un OP-Identifier de un proveedor Open... • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44571 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-5084
https://notcve.org/view.php?id=CVE-2009-5084
12 Aug 2011 — IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data. IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.2, cuando las trazas com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate están habilitadas, crea una entrada en el log en texto plano que contiene u... • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44560 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-5085
https://notcve.org/view.php?id=CVE-2009-5085
12 Aug 2011 — IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page. IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.2, cuando se configura como un proveedor de OpenID, no borra la cookie de i... • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44555 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2011-3135
https://notcve.org/view.php?id=CVE-2011-3135
12 Aug 2011 — Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors. Vulnerabilidad no especificada en el Runtime en IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.9 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.2.0 anterior a v6.2.0.9 tiene un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/45555 •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2011-3136
https://notcve.org/view.php?id=CVE-2011-3136
12 Aug 2011 — Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048. Vulnerabilidad no especificada en la consola de administración de IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior v6.2.0.9 y Tivoli Federated Identity Business Gateway Manager (TFIMBG) v6.2.0 anterior a v6.2.0.9 tiene un impacto y un ve... • http://secunia.com/advisories/45555 •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2011-3137
https://notcve.org/view.php?id=CVE-2011-3137
12 Aug 2011 — Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050. Vulnerabilidad no especificada en Management Console en IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.9 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.2.0 anterior a v6.2.0.9 tiene un impacto desconocido y v... • http://secunia.com/advisories/45555 •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2011-3138
https://notcve.org/view.php?id=CVE-2011-3138
12 Aug 2011 — The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety. El módulo de LTPA STS en IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.9 y Tivoli Federated Identity Manager Busine... • http://www-01.ibm.com/support/docview.wss?uid=swg1IV01318 •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2010-0311
https://notcve.org/view.php?id=CVE-2010-0311
14 Jan 2010 — Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors. Vulnerabilidad no especificada en Sun Java System Identity Manager (también conocido como IdM) v8.1.0.5 y v8.1.0.6, cuando se usa con Sun Java System Access Manager, OpenSSO Enterprise v8.0 o IBM Tivoli Access Manager, permite a atacantes remo... • http://osvdb.org/61658 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3262
https://notcve.org/view.php?id=CVE-2009-3262
18 Sep 2009 — Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Self Service UI (SSUI) en IBM Tivoli Identity Manager (ITIM) v5.0.0.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de forma arbitraria a través de el campo "last na... • http://secunia.com/advisories/36511 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •