Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.1.1.12:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-3310 |
IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication password from a client, or (4) a cleartext user password by leveraging a logging configuration with a log trace setting of all. Published: January 17, 2013; 5:55:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2012-3315 |
The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. Published: November 08, 2012; 6:46:23 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |