ID

VAR-201108-0123


CVE

CVE-2011-3137


TITLE

Unspecified vulnerability in the Management Console of IBM TFIM and TFIMBG

Trust: 0.8

sources: JVNDB: JVNDB-2011-004864

DESCRIPTION

Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050. Very few technical details are currently available. We will update this BID as more information emerges. The product provides web and federated single sign-on (SSO) capabilities to users across multiple applications. The impact and attack vectors of the vulnerability are unknown.

TITLE: IBM Tivoli Federated Identity Manager Products Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA45555

VERIFY ADVISORY: http://secunia.com/advisories/45555/

RELEASE DATE: 2011-08-08

DESCRIPTION: Multiple vulnerabilities have been reported in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway, where some have an unknown impact while one can be exploited by malicious people to cause a DoS (Denial of Service).

1) The application bundles a vulnerable version of IBM Java. For more information: SA43295
2) Two unspecified errors related to the management console exist.
3) An unspecified error related to the runtime exists.

The vulnerabilities are reported in versions prior to 6.2.0 Fix Pack 9.

SOLUTION: Apply Fix Pack 9.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: IBM (IV03048, IV03050, IV03074):
http://www.ibm.com/support/docview.wss?uid=swg24029497
http://www.ibm.com/support/docview.wss?uid=swg24029498

Trust: 2.07

sources: NVD: CVE-2011-3137 // JVNDB: JVNDB-2011-004864 // BID: 49372 // VULHUB: VHN-51082 // PACKETSTORM: 103786

AFFECTED PRODUCTS

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0.1

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0.3

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0.2

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0.8

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0.8

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0.2

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0.1

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0.3

Trust: 1.9

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0

Trust: 1.6

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0

Trust: 1.6

vendor: ibm, model: tivoli federated identity manager business gateway, scope: lt, version: 6.2.0

Trust: 0.8

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2.0.9

Trust: 0.8

vendor: ibm, model: tivoli federated identity manager, scope: lt, version: 6.2.0

Trust: 0.8

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2.0.9

Trust: 0.8

vendor: ibm, model: tivoli federated identity manager, scope: ne, version: 6.2.0.9

Trust: 0.3

vendor: ibm, model: tivoli federated identity manager, scope: eq, version: 6.2

Trust: 0.3

vendor: ibm, model: tivoli federated identity manager business gateway, scope: ne, version: 6.2.0.9

Trust: 0.3

vendor: ibm, model: tivoli federated identity manager business gateway, scope: eq, version: 6.2

Trust: 0.3

sources: BID: 49372 // JVNDB: JVNDB-2011-004864 // CNNVD: CNNVD-201108-263 // NVD: CVE-2011-3137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3137
value: HIGH

Trust: 1.0

NVD: CVE-2011-3137
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201108-263
value: CRITICAL

Trust: 0.6

VULHUB: VHN-51082
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-3137
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-51082
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-51082 // JVNDB: JVNDB-2011-004864 // CNNVD: CNNVD-201108-263 // NVD: CVE-2011-3137

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-3137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201108-263

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201108-263

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-004864

PATCH

title: 4029498, url: http://www.ibm.com/support/docview.wss?uid=swg24029498

Trust: 0.8

title: 4029497, url: http://www.ibm.com/support/docview.wss?uid=swg24029497

Trust: 0.8

sources: JVNDB: JVNDB-2011-004864

EXTERNAL IDS

db: NVD, id: CVE-2011-3137

Trust: 2.8

db: SECUNIA, id: 45555

Trust: 1.8

db: JVNDB, id: JVNDB-2011-004864

Trust: 0.8

db: CNNVD, id: CNNVD-201108-263

Trust: 0.7

db: AIXAPAR, id: IV03050

Trust: 0.6

db: BID, id: 49372

Trust: 0.3

db: VULHUB, id: VHN-51082

Trust: 0.1

db: PACKETSTORM, id: 103786

Trust: 0.1

sources: VULHUB: VHN-51082 // BID: 49372 // JVNDB: JVNDB-2011-004864 // PACKETSTORM: 103786 // CNNVD: CNNVD-201108-263 // NVD: CVE-2011-3137

REFERENCES

url:http://www.ibm.com/support/docview.wss?uid=swg24029498

Trust: 2.1

url:http://www.ibm.com/support/docview.wss?uid=swg24029497

Trust: 1.8

url:http://www-01.ibm.com/support/docview.wss?uid=swg1iv03050

Trust: 1.7

url:http://secunia.com/advisories/45555

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/69204

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/69203

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3137

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3137

Trust: 0.8

url:http://www.ibm.com

Trust: 0.3

url:https://www-304.ibm.com/support/docview.wss?uid=swg24029497

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/blog/242

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/45555/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/45555/#comments

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45555

Trust: 0.1

sources: VULHUB: VHN-51082 // BID: 49372 // JVNDB: JVNDB-2011-004864 // PACKETSTORM: 103786 // CNNVD: CNNVD-201108-263 // NVD: CVE-2011-3137

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 49372

SOURCES

db: VULHUB, id: VHN-51082
db: BID, id: 49372
db: JVNDB, id: JVNDB-2011-004864
db: PACKETSTORM, id: 103786
db: CNNVD, id: CNNVD-201108-263
db: NVD, id: CVE-2011-3137

LAST UPDATE DATE

2024-11-23T20:36:35.031000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-51082, date: 2017-08-29T00:00:00
db: BID, id: 49372, date: 2011-08-08T00:00:00
db: JVNDB, id: JVNDB-2011-004864, date: 2012-03-27T00:00:00
db: CNNVD, id: CNNVD-201108-263, date: 2011-08-15T00:00:00
db: NVD, id: CVE-2011-3137, date: 2024-11-21T01:29:49.193

SOURCES RELEASE DATE

db: VULHUB, id: VHN-51082, date: 2011-08-12T00:00:00
db: BID, id: 49372, date: 2011-08-08T00:00:00
db: JVNDB, id: JVNDB-2011-004864, date: 2012-03-27T00:00:00
db: PACKETSTORM, id: 103786, date: 2011-08-08T01:19:06
db: CNNVD, id: CNNVD-201108-263, date: 2011-08-15T00:00:00
db: NVD, id: CVE-2011-3137, date: 2011-08-12T17:55:01.213