ID

VAR-201108-0121


CVE

CVE-2011-3135


TITLE

Vulnerability with unspecified details in the Runtime of IBM TFIM and TFIMBG

Trust: 0.8

sources: JVNDB: JVNDB-2011-004862

DESCRIPTION

Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors. Very few technical details are currently available. We will update this BID as more information emerges. The product provides web and federated single sign-on (SSO) capabilities to users across multiple applications. The impact and attack vectors of the vulnerability are unknown.

TITLE: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA45555

VERIFY ADVISORY: http://secunia.com/advisories/45555/

RELEASE DATE: 2011-08-08

DESCRIPTION: Multiple vulnerabilities have been reported in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway, where some have an unknown impact while one can be exploited by malicious people to cause a DoS (Denial of Service).

1) The application bundles a vulnerable version of IBM Java. For more information: SA43295
2) Two unspecified errors related to the management console exist.
3) An unspecified error related to the runtime exists.

The vulnerabilities are reported in versions prior to 6.2.0 Fix Pack 9.

SOLUTION: Apply Fix Pack 9.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: IBM (IV03048, IV03050, IV03074):
http://www.ibm.com/support/docview.wss?uid=swg24029497
http://www.ibm.com/support/docview.wss?uid=swg24029498

Trust: 2.07

sources: NVD: CVE-2011-3135 // JVNDB: JVNDB-2011-004862 // BID: 49372 // VULHUB: VHN-51080 // PACKETSTORM: 103786

AFFECTED PRODUCTS

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0.1

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0.3

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0.2

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0.8

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0.8

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0.2

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0.1

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0.3

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0

Trust: 1.6

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0

Trust: 1.6

vendor: ibm, model: tivoli federated identity manager business gateway, scope: lt, version: 6.2.0

Trust: 0.8

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0.9

Trust: 0.8

vendor: ibm, model: tivoli federated identity manager, scope: lt, version: 6.2.0

Trust: 0.8

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0.9

Trust: 0.8

vendor: ibm, model: tivoli federated identity manager, scope: ne, version: 6.2.0.9

Trust: 0.3

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2

Trust: 0.3

vendor: ibm, model: tivoli federated identity manager business gateway, scope: ne, version: 6.2.0.9

Trust: 0.3

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2

Trust: 0.3

sources: BID: 49372 // JVNDB: JVNDB-2011-004862 // CNNVD: CNNVD-201108-261 // NVD: CVE-2011-3135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3135
value: HIGH

Trust: 1.0

NVD: CVE-2011-3135
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201108-261
value: CRITICAL

Trust: 0.6

VULHUB: VHN-51080
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-3135
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-51080
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-51080 // JVNDB: JVNDB-2011-004862 // CNNVD: CNNVD-201108-261 // NVD: CVE-2011-3135

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-3135

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201108-261

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201108-261

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004862

PATCH

title: 4029498, url: http://www.ibm.com/support/docview.wss?uid=swg24029498

Trust: 0.8

title: 4029497, url: http://www.ibm.com/support/docview.wss?uid=swg24029497

Trust: 0.8

sources: JVNDB: JVNDB-2011-004862

EXTERNAL IDS

db: NVD, id: CVE-2011-3135

Trust: 2.8

db: SECUNIA, id: 45555

Trust: 1.8

db: JVNDB, id: JVNDB-2011-004862

Trust: 0.8

db: CNNVD, id: CNNVD-201108-261

Trust: 0.7

db: AIXAPAR, id: IV03074

Trust: 0.6

db: BID, id: 49372

Trust: 0.3

db: VULHUB, id: VHN-51080

Trust: 0.1

db: PACKETSTORM, id: 103786

Trust: 0.1

sources: VULHUB: VHN-51080 // BID: 49372 // JVNDB: JVNDB-2011-004862 // PACKETSTORM: 103786 // CNNVD: CNNVD-201108-261 // NVD: CVE-2011-3135

REFERENCES

url:http://www.ibm.com/support/docview.wss?uid=swg24029498

Trust: 2.1

url:http://www.ibm.com/support/docview.wss?uid=swg24029497

Trust: 1.8

url:http://www-01.ibm.com/support/docview.wss?uid=swg1iv03074

Trust: 1.7

url:http://secunia.com/advisories/45555

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/69205

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3135

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3135

Trust: 0.8

url:http://www.ibm.com

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg24029497

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/blog/242

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/45555/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/45555/#comments

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45555

Trust: 0.1

sources: VULHUB: VHN-51080 // BID: 49372 // JVNDB: JVNDB-2011-004862 // PACKETSTORM: 103786 // CNNVD: CNNVD-201108-261 // NVD: CVE-2011-3135

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 49372

SOURCES

db: VULHUB, id: VHN-51080
db: BID, id: 49372
db: JVNDB, id: JVNDB-2011-004862
db: PACKETSTORM, id: 103786
db: CNNVD, id: CNNVD-201108-261
db: NVD, id: CVE-2011-3135

LAST UPDATE DATE

2024-11-23T20:37:53.662000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-51080, date: 2017-08-29T00:00:00
db: BID, id: 49372, date: 2011-08-08T00:00:00
db: JVNDB, id: JVNDB-2011-004862, date: 2012-03-27T00:00:00
db: CNNVD, id: CNNVD-201108-261, date: 2011-08-15T00:00:00
db: NVD, id: CVE-2011-3135, date: 2024-11-21T01:29:48.887

SOURCES RELEASE DATE

db: VULHUB, id: VHN-51080, date: 2011-08-12T00:00:00
db: BID, id: 49372, date: 2011-08-08T00:00:00
db: JVNDB, id: JVNDB-2011-004862, date: 2012-03-27T00:00:00
db: PACKETSTORM, id: 103786, date: 2011-08-08T01:19:06
db: CNNVD, id: CNNVD-201108-261, date: 2011-08-15T00:00:00
db: NVD, id: CVE-2011-3135, date: 2011-08-12T17:55:01.137