CVE-2011-3138
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety.
Timeline
- 2011-08-12 CVE Reserved
- 2011-08-12 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
References (4)
URL | Tag | Source |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=swg24029497 | X_refsource_confirm | |
http://www.ibm.com/support/docview.wss?uid=swg24029498 | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/69198 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg1IV01318 | 2017-08-29 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
IBM | Tivoli Federated Identity Manager | 6.2.0 | - | Affected |
IBM | Tivoli Federated Identity Manager | 6.2.0.1 | - | Affected |
IBM | Tivoli Federated Identity Manager | 6.2.0.2 | - | Affected |
IBM | Tivoli Federated Identity Manager | 6.2.0.3 | - | Affected |
IBM | Tivoli Federated Identity Manager | 6.2.0.8 | - | Affected |
IBM | Tivoli Federated Identity Manager Business Gateway | 6.2.0 | - | Affected |
IBM | Tivoli Federated Identity Manager Business Gateway | 6.2.0.1 | - | Affected |
IBM | Tivoli Federated Identity Manager Business Gateway | 6.2.0.2 | - | Affected |
IBM | Tivoli Federated Identity Manager Business Gateway | 6.2.0.3 | - | Affected |
IBM | Tivoli Federated Identity Manager Business Gateway | 6.2.0.8 | - | Affected |