Unrated severityNVD Advisory· Published Jan 4, 2012· Updated Jun 16, 2026
CVE-2011-1386
CVE-2011-1386
Description
IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature.
Affected products
8cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.1.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager:6.2.1:*:*:*:*:*:*:*
- (no CPE)range: 6.1.1, 6.2.0, 6.2.1
cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.1.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:tivoli_federated_identity_manager_business_gateway:6.2.1:*:*:*:*:*:*:*
- (no CPE)range: 6.1.1, 6.2.0, 6.2.1
Patches
Vulnerability mechanics
References
5- www-01.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www-01.ibm.com/support/docview.wssnvd
- www-01.ibm.com/support/docview.wssnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/71686nvd
News mentions
0No linked articles in our index yet.