CVE-2008-7299 in Tivoli Federated Identity Managerinfo

Summary

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

08/12/2011

Disclosure

08/12/2011

Moderation

VulDB entry created

Entries

1: VDB-58276

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

5.3

EPSS

0.00225

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-7299
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-7299
CVE Details	https://www.cvedetails.com/cve/CVE-2008-7299/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!