CVE-2009-5085

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page.

Published: Aug 12, 2011
Updated: Apr 13, 2023
CVE: CVE-2009-5085
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ibm / tivoli_federated_identity_manager	6.2.0	6.2.0.x
ibm / tivoli_federated_identity_manager	6.2.0.1	6.2.0.1.x

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44555
http://www.ibm.com/support/docview.wss?uid=swg24029497

Vulnerability Database

290,206

CVE-2009-5085