Ibm: >> Tivoli Federated Identity Manager >> 6.2.0.1 Security Vulnerabilities
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field.
CVSS Score
5.0
EPSS Score
0.002
Published
2011-08-12
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.002
Published
2011-08-12
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.
CVSS Score
1.9
EPSS Score
0.001
Published
2011-08-12
Page 2