The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2012-11-08T11:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2012-06-07T00:00:00
Link: CVE-2012-3315
JSON object: View
NVD Information
Status : Modified
Published: 2012-11-08T11:46:23.830
Modified: 2017-08-29T01:31:53.087
Link: CVE-2012-3315
JSON object: View
Redhat Information
No data.
CWE