CVE-2012-3315
IBM Tivoli Federated Identity Manager < 6.2.2 and Business Gateway < 6.2.1 - Sensitive Information Exposure
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template via a crafted request.
References (7)
Core References
Various Sources (vendor-advisory, x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827
Various Sources (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21615772
Various Sources (vendor-advisory, x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826
Vendor Advisory (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=swg21615770
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/51163
Various Sources (vendor-advisory, x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/77796
Scores
EPSS: 0.0259
EPSS Percentile: 83.4%
Details
CWE: CWE-287
Status: published
Products (16)
ibm/tivoli_federated_identity_manager 6.1.1
ibm/tivoli_federated_identity_manager 6.2.0
ibm/tivoli_federated_identity_manager 6.2.0.1
ibm/tivoli_federated_identity_manager 6.2.0.2
ibm/tivoli_federated_identity_manager 6.2.0.3
ibm/tivoli_federated_identity_manager 6.2.0.8
ibm/tivoli_federated_identity_manager 6.2.0.9
ibm/tivoli_federated_identity_manager 6.2.1
ibm/tivoli_federated_identity_manager < 6.2.2
ibm/tivoli_federated_identity_manager_business_gateway 6.1.1
... and 6 more
Published: Nov 08, 2012
Tracked Since: Feb 18, 2026