NVD

Id
52186  
Name
CVE-2009-5085  
Description
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user"s deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page.  
Reject
 
CVSS Version
2  
CVSS Score
2.6  
Severity
Low  
CVSS Base Score
2.6  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2011-08-12  
Modified Date
2012-04-25  
Seq
2009-5085  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
263429 52186 CVE-2009-5085 IZ44555  View
263430 52186 CVE-2009-5085 http://www.ibm.com/support/docview.wss?uid=swg24029497  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
33589 JVNDB-2011-003831 IBM TFIM における信頼制限を回避される脆弱性 IBM Tivoli Federated Identity Manager (TFIM) は、OpenID 認証利用サイトを設定する際、認証利用サイトの信頼エントリのユーザ削除要求に応じてサイト情報クッキーを削除しないため、信頼制限を回避される脆弱性が存在します。 CVE-2009-5085 42516 CVE-2009-5085 52186 2.6 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003831.html 2011-08-12 2012-03-27 View