CVE-2011-3138
Published: Aug 12, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- IV01318 (vendor-advisory, x_refsource_AIXAPAR)
- ibm-tfim-security-bypass(69198) (vdb-entry, x_refsource_XF)
- http://www.ibm.com/support/docview.wss?uid=swg24029498 (x_refsource_CONFIRM)
- http://www.ibm.com/support/docview.wss?uid=swg24029497 (x_refsource_CONFIRM)