CVE-2009-5085IBM Tivoli Federated Identity Manager vulnerability

CWE-2643 documents3 sources
Severity
2.6LOWNVD
EPSS
0.1%
top 65.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Tivoli Federated Identity Manager
Timeline
PublishedAug 12
Latest updateMay 2

Description

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-4g82-7r8h-h94r: IBM Tivoli Federated Identity Manager (TFIM) 62022-05-02
CVEList
CVE-2009-5085: IBM Tivoli Federated Identity Manager (TFIM) 62011-08-12
CVE-2009-5085 — IBM vulnerability | cvebase