The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 prior to 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 prior to 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow malicious users to bypass LTPA token signature verification by leveraging lack of thread safety.
Vulnerable Product |
---|
ibm tivoli federated identity manager 6.2.0.1 |
ibm tivoli federated identity manager 6.2.0.2 |
ibm tivoli federated identity manager 6.2.0.3 |
ibm tivoli federated identity manager 6.2.0.8 |
ibm tivoli federated identity manager 6.2.0 |
ibm tivoli federated identity manager business gateway 6.2.0.3 |
ibm tivoli federated identity manager business gateway 6.2.0.8 |
ibm tivoli federated identity manager business gateway 6.2.0 |
ibm tivoli federated identity manager business gateway 6.2.0.1 |
ibm tivoli federated identity manager business gateway 6.2.0.2 |