CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2011-3138
https://notcve.org/view.php?id=CVE-2011-3138
The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety. El módulo de LTPA STS en IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.9 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.2.0 anterior a v6.2.0.9 se basa en una instancia estática de una clase Java Development Kit (JDK), lo que podría permitir a un atacante eludir la verificación de token de firma LTPA aprovechando la falta de seguridad de los subprocesos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV01318 http://www.ibm.com/support/docview.wss?uid=swg24029497 http://www.ibm.com/support/docview.wss?uid=swg24029498 https://exchange.xforce.ibmcloud.com/vulnerabilities/69198 •