CVE-2009-5083

IBM Tivoli Federated Identity Manager 6.2.0 - Authentication Bypass via OpenID OP-Identifier

Title source: llm

Description

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an OpenID provider, which allows remote attackers to bypass authentication via unspecified vectors.

References (2)

Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44571
Various Sources x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg24029497

Scores

EPSS 0.0121
EPSS Percentile 64.6%

Details

CWE
CWE-287
Status published
Products (2)
ibm/tivoli_federated_identity_manager 6.2.0
ibm/tivoli_federated_identity_manager 6.2.0.1
Published Aug 12, 2011
Tracked Since Feb 18, 2026