CVE-2012-3315
N/A
N/A
Summary
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827
- http://www-01.ibm.com/support/docview.wss?uid=swg21615772
- http://www-01.ibm.com/support/docview.wss?uid=swg21615770
- http://secunia.com/advisories/51163
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77796
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827
- http://www-01.ibm.com/support/docview.wss?uid=swg21615772
- http://www-01.ibm.com/support/docview.wss?uid=swg21615770
- http://secunia.com/advisories/51163
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77796
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.