CVE-2009-5083

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.2%

top 55.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Tivoli Federated Identity Manager

Timeline

PublishedAug 12

Latest updateMay 2

Description

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/tivoli_federated_identity_manager6.2.0, 6.2.0.1+1

🔴Vulnerability Details

GHSA

GHSA-q35v-mm3j-6pqv: IBM Tivoli Federated Identity Manager (TFIM) 6↗2022-05-02

▶

CVEList

CVE-2009-5083: IBM Tivoli Federated Identity Manager (TFIM) 6↗2011-08-12

▶