CVE-2012-6359

NONECVSS 0.0

0.0

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes.

🔗 References (16)

psirt@ushttp://secunia.com/advisories/51212
psirt@ushttp://www-01.ibm.com/support/docview.wss?uid=swg1IV23451
psirt@ushttp://www-01.ibm.com/support/docview.wss?uid=swg1IV23452
psirt@ushttp://www-01.ibm.com/support/docview.wss?uid=swg1IV23453
psirt@ushttp://www-01.ibm.com/support/docview.wss?uid=swg21615744
psirt@ushttp://www-01.ibm.com/support/docview.wss?uid=swg21615748
psirt@ushttp://www.securityfocus.com/bid/56390
psirt@ushttps://exchange.xforce.ibmcloud.com/vulnerabilities/77790
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51212
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV23451
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV23452
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IV23453
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21615744
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21615748
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56390

Is Your Infrastructure Affected by CVE-2012-6359?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-6359

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-6359?