Security Bulletin: Tivoli Federated Identity Manager Business Gateway - Unprotected Management Console Servlets (CVE-2012-3315)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirtmedium psirtsecurity
0 Comments | 300 Visits
The management console used to administer Tivoli Federated Identity Manager Business Gateway contains servlets which are not all protected via a J2EE security constraint. These servlets could be used by an unauthenticated user to download certain resources from TFIMBG.
Affected product(s) & Affected version(s): Tivoli Federated Identity Manager Business Gateway versions 6.1.1, 6.2.0, 6.2.1
Refer to the following reference URLs for remediation and additional vulnerability details.