4.3

CVE-2011-1386

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.25% 0.655
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www-01.ibm.com/support/docview.wss?uid=swg1IV10793
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IV10801
http://www-01.ibm.com/support/docview.wss?uid=swg1IV10813
http://www.ibm.com/support/docview.wss?uid=swg21575309
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71686