NVD

Id
44929  
Name
CVE-2012-3314  
Description
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass for SAML messages containing unsigned elements, (2) incorrect validation of XML messages, or (3) a certificate-chain validation bypass for an XML signature element that contains the signing certificate.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-10-02  
Modified Date
2013-01-31  
Seq
2012-3314  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
225109 44929 CVE-2012-3314 IV23435  View
225110 44929 CVE-2012-3314 IV23442  View
225111 44929 CVE-2012-3314 IV23445  View
225112 44929 CVE-2012-3314 IV23448  View
225113 44929 CVE-2012-3314 http://www-01.ibm.com/support/docview.wss?uid=swg21612612  View
225114 44929 CVE-2012-3314 55732  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29013 JVNDB-2012-004720 IBM Tivoli Federated Identity Manager 製品におけるセッションを確立される脆弱性 IBM Tivoli Federated Identity Manager (TFIM) および Tivoli Federated Identity Manager Business Gateway (TFIMBG) には、セッションを確立される脆弱性が存在します。 CVE-2012-3314 56552 CVE-2012-3314 44929 5.8 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004720.html 2012-10-02 2012-10-04 View