CVE-2012-3315

Published: Nov 8, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

IV26827 (vendor-advisory, x_refsource_AIXAPAR)
51163 (third-party-advisory, x_refsource_SECUNIA)
IV26825 (vendor-advisory, x_refsource_AIXAPAR)
IV26826 (vendor-advisory, x_refsource_AIXAPAR)
tfim-mcs-unauth-access(77796) (vdb-entry, x_refsource_XF)
