IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Ibm
  • Tivoli Federated Identity Manager

Configuration 1 [-]

OR cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.1:*:*:*:*:*:*:*
References
Link Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ35742
http://www.ibm.com/support/docview.wss?uid=swg24029497
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:13:53

Updated: 2022-10-03T16:13:53

Reserved: 2022-10-03T00:00:00

Link: CVE-2008-7299

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2011-08-12T17:55:00.900

Modified: 2011-08-12T17:55:00.900

Link: CVE-2008-7299

JSON object: View

cve-icon Redhat Information

No data.

CWE