cbcvebase.
CVE-2009-5085
published 2011-08-12

CVE-2009-5085: IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in…

low2.6CVSS 3.1
AVNACHAuNCNIPAN
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page.

Affected

2 ranges
VendorProductVersion rangeFixed in
ibmtivoli_federated_identity_manager
ibmtivoli_federated_identity_manager