Vulnerability Details CVE-2012-3315
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/51163
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827
- http://www-01.ibm.com/support/docview.wss?uid=swg21615770
- http://www-01.ibm.com/support/docview.wss?uid=swg21615772
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77796
- http://secunia.com/advisories/51163
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827
- http://www-01.ibm.com/support/docview.wss?uid=swg21615770
- http://www-01.ibm.com/support/docview.wss?uid=swg21615772
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77796
Products affected by CVE-2012-3315
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.1.1
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.1.1.12
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.1.1.13
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.1
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.10
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.11
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.12
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.13
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.14
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.15
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.16
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.17
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.2
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.3
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.8
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.9
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.1
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.2
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.3
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.4
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.5
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.6
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.7
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.8
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1.9
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.2
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.1.1
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.1
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.10
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.11
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.2
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.3
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.8
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.9
-
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.1