Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Tivoli Federated Identity Manager
Total 22 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-5085 1 Ibm 1 Tivoli Federated Identity Manager 2024-02-28 2.6 LOW N/A
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page.
CVE-2011-1386 1 Ibm 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway 2024-02-28 4.3 MEDIUM N/A
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.