CVE-2012-3315

Published Nov 8, 2012

Last updated 3 months ago

CVSS info 5.0

Overview

Description: The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request.
Source: psirt@us.ibm.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9653FBA-46AE-4708-ADD1-186D9EB7ADA3",
            "versionEndIncluding": "6.2.2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7713A26A-87C9-4BF1-A6D1-89DFD7BF5574"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E508843E-DEA8-433D-AFD5-2730D2745E0B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B08471C-D834-4247-87A6-6F9D6777375B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF2E0940-AAAF-43CA-A34B-7D7F69D98C15"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BFC5237-6ECD-4B6D-AC3D-D32886302CA4"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E654796-0374-42DC-8635-8F8AE969B60A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FA2AB53-1012-4E7F-BA36-37B61925D674"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F674F64E-F51F-4F5E-AFCD-952958E66FE2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4A0B05B-9379-4421-B96F-18DFBA97977C",
            "versionEndIncluding": "6.2.1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58E139B7-C2A2-4505-A384-8C3F08D211E4"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1807D56B-4569-47FB-8562-0DA753DCFD89"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "789B771E-5A03-41E8-A7B1-B7AAEA6C2F5E"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24EC2003-784F-4CA5-8F16-041B1DFFCCC2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA8101A0-DF31-42C6-A72F-3A10ECF588D2"
          },
          {
            "criteria": "cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E95282DC-382A-4E4B-A5B9-D554A45339AD"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References