PT-2012-4646 · IBM · IBM Tivoli Federated Identity Manager Business Gateway (+1)

Published: 2012-10-02 · Updated: 2013-02-01 · CVE-2012-3314

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) versions 6.1.1, 6.2.0, 6.2.1, 6.2.2

Description

The issue allows remote attackers to establish sessions via a crafted message. This can be achieved by leveraging a signature-validation bypass for SAML messages containing unsigned elements, incorrect validation of XML messages, or a certificate-chain validation bypass for an XML Signature element that contains the signing certificate.

Recommendations

For versions 6.1.1, 6.2.0, 6.2.1 and 6.2.2, update to a version that includes the security fixes for the signature-validation bypass, the incorrect XML validation and the certificate-chain validation bypass. At the time of writing, no newer version containing a fix for this vulnerability is known.

RCE


Weakness Enumeration

Related Identifiers

CVE-2012-3314

Affected Products

IBM Tivoli Federated Identity Manager
IBM Tivoli Federated Identity Manager Business Gateway