CVE-2012-6359
N/A
N/A
Summary
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77790
- http://secunia.com/advisories/51212
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV23452
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV23453
- http://www.securityfocus.com/bid/56390
- http://www-01.ibm.com/support/docview.wss?uid=swg21615748
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV23451
- http://www-01.ibm.com/support/docview.wss?uid=swg21615744
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77790
- http://secunia.com/advisories/51212
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV23452
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV23453
- http://www.securityfocus.com/bid/56390
- http://www-01.ibm.com/support/docview.wss?uid=swg21615748
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV23451
- http://www-01.ibm.com/support/docview.wss?uid=swg21615744
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.