CVE-2012-3315 in Tivoli Federated Identity Managerinfo

Summary

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

06/07/2012

Disclosure

11/08/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-287

CVSS

5.3

EPSS

0.00405

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-3315
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-3315
CVE Details	https://www.cvedetails.com/cve/CVE-2012-3315/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!