CVE-2012-3315

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
ibmtivoli_federated_identity_manager
𝑥
≤ 6.2.2
ibmtivoli_federated_identity_manager
6.1.1
ibmtivoli_federated_identity_manager
6.2.0
ibmtivoli_federated_identity_manager
6.2.0.1
ibmtivoli_federated_identity_manager
6.2.0.2
ibmtivoli_federated_identity_manager
6.2.0.3
ibmtivoli_federated_identity_manager
6.2.0.8
ibmtivoli_federated_identity_manager
6.2.0.9
ibmtivoli_federated_identity_manager
6.2.1
ibmtivoli_federated_identity_manager_business_gateway
𝑥
≤ 6.2.1
ibmtivoli_federated_identity_manager_business_gateway
6.1.1
ibmtivoli_federated_identity_manager_business_gateway
6.2.0
ibmtivoli_federated_identity_manager_business_gateway
6.2.0.1
ibmtivoli_federated_identity_manager_business_gateway
6.2.0.2
ibmtivoli_federated_identity_manager_business_gateway
6.2.0.3
ibmtivoli_federated_identity_manager_business_gateway
6.2.0.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/51163
http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825
http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826
http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827
http://www-01.ibm.com/support/docview.wss?uid=swg21615770
http://www-01.ibm.com/support/docview.wss?uid=swg21615772
https://exchange.xforce.ibmcloud.com/vulnerabilities/77796
http://secunia.com/advisories/51163
http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825
http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826
http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827
http://www-01.ibm.com/support/docview.wss?uid=swg21615770
http://www-01.ibm.com/support/docview.wss?uid=swg21615772
https://exchange.xforce.ibmcloud.com/vulnerabilities/77796