CVE Vulnerabilities

CVE-2011-3138

Published: Aug 12, 2011 | Modified: Aug 29, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:P/A:N)

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety.

Affected Software

Name                               Vendor  Start Version  End Version
Tivoli_federated_identity_manager  Ibm     6.2.0.2        6.2.0.2
Tivoli_federated_identity_manager  Ibm     6.2.0          6.2.0
Tivoli_federated_identity_manager  Ibm     6.2.0.1        6.2.0.1
Tivoli_federated_identity_manager  Ibm     6.2.0.3        6.2.0.3
Tivoli_federated_identity_manager  Ibm     6.2.0.8        6.2.0.8

References