CVE-2011-1386

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.

Published: Jan 4, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-1386
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
ibm / tivoli_federated_identity_manager_business_gateway	6.2.0	6.2.0.x
ibm / tivoli_federated_identity_manager	6.2.0	6.2.0.x
ibm / tivoli_federated_identity_manager	6.1.1	6.1.1.x
ibm / tivoli_federated_identity_manager_business_gateway	6.1.1	6.1.1.x
ibm / tivoli_federated_identity_manager	6.2.1	6.2.1.x
ibm / tivoli_federated_identity_manager_business_gateway	6.2.1	6.2.1.x

http://www-01.ibm.com/support/docview.wss?uid=swg1IV10793
http://www-01.ibm.com/support/docview.wss?uid=swg1IV10801
http://www-01.ibm.com/support/docview.wss?uid=swg1IV10813
http://www.ibm.com/support/docview.wss?uid=swg21575309
https://exchange.xforce.ibmcloud.com/vulnerabilities/71686

Vulnerability Database

290,206

CVE-2011-1386