CVE-2011-1386
N/A
N/A
Summary
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV10813
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71686
- http://www.ibm.com/support/docview.wss?uid=swg21575309
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV10793
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV10801
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV10813
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71686
- http://www.ibm.com/support/docview.wss?uid=swg21575309
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV10793
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV10801
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.