Unrated severityNVD Advisory· Published Jan 4, 2012· Updated Apr 29, 2026
CVE-2011-1386
CVE-2011-1386
Description
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.
Affected products
6cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.1.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.1.1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www-01.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www-01.ibm.com/support/docview.wssnvd
- www-01.ibm.com/support/docview.wssnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/71686nvd
News mentions
0No linked articles in our index yet.