CVE-2011-1386

Severity
4.3 MEDIUM
EPSS
0.2%
top 58.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 4
Latest update: May 17

Description

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

Patches

Vulnerability Details (2)

GHSA
GHSA-339v-wcxr-4xwf: IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6 | 2022-05-17
CVEList
CVE-2011-1386: IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6 | 2012-01-04

CVE-2011-1386 (MEDIUM CVSS 4.3) | IBM Tivoli Federated Identity Manag | cvebase.io