CVE-2012-6359

CWE-264 | 3 documents | 3 sources

Severity: 4.3 MEDIUM
EPSS: 0.5% (top 33.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 18; Latest update May 17

Description

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned at

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 2 packages

Vulnerability Details (2 sources)

- GHSA: GHSA-xgg6-h359-rv3p: IBM Tivoli Federated Identity Manager (TFIM) 6 (2022-05-17)
- CVEList: CVE-2012-6359: IBM Tivoli Federated Identity Manager (TFIM) 6 (2013-01-18)
CVE-2012-6359 (MEDIUM CVSS 4.3) | IBM Tivoli Federated Identity Manag | cvebase.io