CVE - CVE-2012-3315

CVE-ID
CVE-2012-3315	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:IV26825 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825 AIXAPAR:IV26826 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826 AIXAPAR:IV26827 URL:http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21615770 CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21615772 SECUNIA:51163 URL:http://secunia.com/advisories/51163 XF:tfim-mcs-unauth-access(77796) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77796
Assigning CNA
IBM Corporation
Date Record Created
20120607	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120607)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)