CVE-2009-5085
Severity Score
2.6
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page.
IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 anterior a v6.2.0.2, cuando se configura como un proveedor de OpenID, no borra la cookie de información en respuesta a la eliminacion de un usuario de una entidad de confianza, lo que permite que un atacante eluda las restricciones de confianza mediante vectores que producen la falta de autenticación de la página
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-08-12 CVE Reserved
- 2011-08-12 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg24029497 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44555 | 2012-04-25 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Tivoli Federated Identity Manager Search vendor "Ibm" for product "Tivoli Federated Identity Manager" | 6.2.0 Search vendor "Ibm" for product "Tivoli Federated Identity Manager" and version "6.2.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Federated Identity Manager Search vendor "Ibm" for product "Tivoli Federated Identity Manager" | 6.2.0.1 Search vendor "Ibm" for product "Tivoli Federated Identity Manager" and version "6.2.0.1" | - |
Affected
| ||||||