Security Bulletin: Tivoli Federated Identity Manager - Unprotected Management Console Servlets (CVE-2012-3315)
IBM PSIRT | Tags: psirtmedium psirtsecurity
The management console used to administer Tivoli Federated Identity Manager (TFIM) contains servlets, not all of which are protected by a J2EE security constraint. An unauthenticated user could use the unprotected servlets to download certain resources from TFIM.
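One way to check a deployment descriptor for the class of gap described above, as an added example that is not IBM's code or part of the original bulletin: the script lists each servlet mapping in a `web.xml` and reports whether a `security-constraint` with an `auth-constraint` covers it. The descriptor, servlet names and paths are constructed for illustration and are not taken from TFIM.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor; servlet names and paths are illustrative, not TFIM's.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet-mapping><servlet-name>ConsoleUI</servlet-name><url-pattern>/console/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>ExportServlet</servlet-name><url-pattern>/export/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>ReportServlet</servlet-name><url-pattern>/reports/*</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection><web-resource-name>ui</web-resource-name>
      <url-pattern>/console/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>administrator</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern><http-method>GET</http-method></web-resource-collection>
    <auth-constraint><role-name>administrator</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _children(elem, name):
    # Match on the local tag name so any web-app schema namespace is accepted.
    return [c for c in elem.iter() if c.tag.rsplit("}", 1)[-1] == name]

def covers(constraint, mapping):
    """True if a constraint url-pattern covers every URL the mapping pattern matches."""
    if constraint == mapping or constraint == "/*":
        return True
    if constraint.endswith("/*"):
        base = constraint[:-2]
        return mapping == base or mapping.startswith(base + "/")
    return False  # conservative: an exact or extension pattern covers only itself

def audit(web_xml):
    """Map (servlet-name, url-pattern) to 'protected', 'partial' or 'unprotected'."""
    root = ET.fromstring(web_xml)
    rules = []  # (url-pattern, applies_to_all_http_methods)
    for sc in _children(root, "security-constraint"):
        if not _children(sc, "auth-constraint"):
            continue  # no auth-constraint: anonymous access stays allowed
        for wrc in _children(sc, "web-resource-collection"):
            all_methods = not (_children(wrc, "http-method") or _children(wrc, "http-method-omission"))
            rules += [(p.text.strip(), all_methods) for p in _children(wrc, "url-pattern")]
    report = {}
    for m in _children(root, "servlet-mapping"):
        name = _children(m, "servlet-name")[0].text.strip()
        for p in _children(m, "url-pattern"):
            hits = [full for pat, full in rules if covers(pat, p.text.strip())]
            report[(name, p.text.strip())] = "protected" if any(hits) else "partial" if hits else "unprotected"
    return report
```

A `partial` result marks a mapping whose only matching constraint lists specific HTTP methods, so requests using other methods reach the servlet without authentication.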
Affected product(s) & Affected version(s): All versions of TFIM before 6.2.2 are affected, including those no longer supported.
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21615770
X-Force Database: http://xforce.iss.net/xforce/xfdb/77796