CVE-2012-3315

NONECVSS 0.0

0.0

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.

🔗 References (14)

psirt@ushttp://secunia.com/advisories/51163
psirt@ushttp://www-01.ibm.com/support/docview.wss?uid=swg1IV26825
psirt@ushttp://www-01.ibm.com/support/docview.wss?uid=swg1IV26826
psirt@ushttp://www-01.ibm.com/support/docview.wss?uid=swg1IV26827
psirt@ushttp://www-01.ibm.com/support/docview.wss?uid=swg21615770
psirt@ushttp://www-01.ibm.com/support/docview.wss?uid=swg21615772
psirt@ushttps://exchange.xforce.ibmcloud.com/vulnerabilities/77796
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51163
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21615770
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21615772
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/77796

Is Your Infrastructure Affected by CVE-2012-3315?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-3315

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-3315?