CVE-2011-1386 Information

Feb 14, 2021 cve

Description

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 6.2.0 and 6.2.1 do not properly handle signature validations based on SAML 1.0 1.1 and 2.0 which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.

Reference

http://www.ibm.com/support/docview.wss?uid=swg21575309 http://www-01.ibm.com/support/docview.wss?uid=swg1IV10793 http://www-01.ibm.com/support/docview.wss?uid=swg1IV10801 http://www-01.ibm.com/support/docview.wss?uid=swg1IV10813 https://exchange.xforce.ibmcloud.com/vulnerabilities/71686

Share on: