Page 4 of 22 results (0.004 seconds)

CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0

Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048. Vulnerabilidad no especificada en la consola de administración de IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior v6.2.0.9 y Tivoli Federated Identity Business Gateway Manager (TFIMBG) v6.2.0 anterior a v6.2.0.9 tiene un impacto y un vector de ataque desconocido, también conocido como APAR IV03048. • http://secunia.com/advisories/45555 http://www-01.ibm.com/support/docview.wss?uid=swg1IV03048 http://www.ibm.com/support/docview.wss?uid=swg24029497 http://www.ibm.com/support/docview.wss?uid=swg24029498 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field. IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 anterior a v6.2.0.2 utiliza un avegador artefacto (browser-artifact) SAML 1.x, que permite a los proveedores de OpenID falsificar aserciones mediante vectores relacionados con el campo Issuer • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ35742 http://www.ibm.com/support/docview.wss?uid=swg24029497 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0

Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050. Vulnerabilidad no especificada en Management Console en IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.9 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.2.0 anterior a v6.2.0.9 tiene un impacto desconocido y vectores de ataque, también conocido como APAR IV03050. • http://secunia.com/advisories/45555 http://www-01.ibm.com/support/docview.wss?uid=swg1IV03050 http://www.ibm.com/support/docview.wss?uid=swg24029497 http://www.ibm.com/support/docview.wss?uid=swg24029498 https://exchange.xforce.ibmcloud.com/vulnerabilities/69203 https://exchange.xforce.ibmcloud.com/vulnerabilities/69204 •

CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0

Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors. Vulnerabilidad no especificada en el Runtime en IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.9 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.2.0 anterior a v6.2.0.9 tiene un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/45555 http://www-01.ibm.com/support/docview.wss?uid=swg1IV03074 http://www.ibm.com/support/docview.wss?uid=swg24029497 http://www.ibm.com/support/docview.wss?uid=swg24029498 https://exchange.xforce.ibmcloud.com/vulnerabilities/69205 •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety. El módulo de LTPA STS en IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.9 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.2.0 anterior a v6.2.0.9 se basa en una instancia estática de una clase Java Development Kit (JDK), lo que podría permitir a un atacante eludir la verificación de token de firma LTPA aprovechando la falta de seguridad de los subprocesos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV01318 http://www.ibm.com/support/docview.wss?uid=swg24029497 http://www.ibm.com/support/docview.wss?uid=swg24029498 https://exchange.xforce.ibmcloud.com/vulnerabilities/69198 •