CVE-2012-3314 Information

Feb 14, 2021 cve

Description

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 6.2.0 6.2.1 and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements (2) incorrect validation of XML messages or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate.

Reference

http://www.securityfocus.com/bid/55732 http://www-01.ibm.com/support/docview.wss?uid=swg1IV23435 http://www-01.ibm.com/support/docview.wss?uid=swg1IV23442 http://www-01.ibm.com/support/docview.wss?uid=swg1IV23445 http://www-01.ibm.com/support/docview.wss?uid=swg1IV23448 http://www-01.ibm.com/support/docview.wss?uid=swg21612612

Share on: