IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731.
Weakness
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tivoli_federated_identity_manager | Ibm | 6.2.0 (including) | 6.2.0 (including) |
| Tivoli_federated_identity_manager | Ibm | 6.2.1 (including) | 6.2.1 (including) |
| Tivoli_federated_identity_manager | Ibm | 6.2.2 (including) | 6.2.2 (including) |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/112.html
- https://cwe.mitre.org/data/definitions/192.html
- https://cwe.mitre.org/data/definitions/20.html
References
- http://www-01.ibm.com/support/docview.wss?uid=swg22002871
- http://www.securitytracker.com/id/1038504
- https://exchange.xforce.ibmcloud.com/vulnerabilities/125731
- http://www-01.ibm.com/support/docview.wss?uid=swg22002871
- http://www.securitytracker.com/id/1038504
- https://exchange.xforce.ibmcloud.com/vulnerabilities/125731