CVE-2012-6359 in Tivoli Federated Identity Manager
सारांश
द्वारा VulDB • 06/07/2026
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 और Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 यह जाँच नहीं करते हैं कि OpenID attribute हस्ताक्षरित है या नहीं (1) SREG (aka simple registration extension) और (2) AX (aka attribute exchange extension) मामलों में, जिससे man-in-the-middle attackers unsigned attributes को डालकर OpenID provider data का spoofing कर सकते हैं।
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.