CVE

Id
56557  
CVE No.
CVE-2012-3314  
Status
Candidate  
Description
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate.  
Phase
Assigned (20120607)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
585699 56557 CVE-2012-3314 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21612612  View
585700 56557 CVE-2012-3314 AIXAPAR:IV23435  View
585701 56557 CVE-2012-3314 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV23435  View
585702 56557 CVE-2012-3314 AIXAPAR:IV23442  View
585703 56557 CVE-2012-3314 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV23442  View
585704 56557 CVE-2012-3314 AIXAPAR:IV23445  View
585705 56557 CVE-2012-3314 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV23445  View
585706 56557 CVE-2012-3314 AIXAPAR:IV23448  View
585707 56557 CVE-2012-3314 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV23448  View
585708 56557 CVE-2012-3314 BID:55732  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
28957 JVNDB-2012-004664 IBM Rational Business Developer における重要な情報を取得される脆弱性 IBM Rational Business Developer には、重要な情報を取得される脆弱性が存在します。 CVE-2012-3319 56557 5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004664.html  View