N/A

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.

N/A

N/A

IBM Tivoli Federated Identity Manager和IBM Tivoli Federated Identity Manager Business Gateway 安全漏洞

IBM Tivoli Federated Identity Manager（TFIM）和IBM Tivoli Federated Identity Manager Business Gateway（TFIMBG）都是美国IBM公司的身份和访问管理解决方案中的产品。IBM TFIM是一款跨企业的联邦身份管理产品。TFIMBG是一款联合身份管理业务网关产品。 IBM TFIM 6.2.2至6.2.8版本和TFIMBG 6.2.2至6.2.8版本中的Risk Based Access功能中存在安全漏洞，该漏洞源

N/A

N/A