Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:596990
HistoryNov 07, 2013 - 12:00 a.m.

IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway contain a URL redirection vulnerability

2013-11-0700:00:00
www.kb.cert.org
14

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON

Overview

IBM Tivoli Federated Identity Manager version 6.22 and possibly earlier versions, and IBM Tivoli Federated Identity Manager Business Gateway version 6.2.2 and possibly earlier versions contain a URL redirection (CWE-601) vulnerability.

Description

CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)

IBM Tivoli Federated Identity Manager (TFIM) version 6.22 and possibly earlier versions, and IBM Tivoli Federated Identity Manager Business Gateway (TFIMBG) version 6.2.2 and possibly earlier versions contain a URL redirection vulnerability. An attacker can append a link to the Identity Manager URL which may cause the user to be redirected to a site with malicious content or scripts.

Impact

A remote unauthenticated attacker may be able to redirect a user to a website that contains malicious content or scripts.

Solution

Apply an Update
IBM has released an advisory detailing the vulnerability and offers patched versions of TFIM and TFIMBG to address this vulnerability.

Vendor Information

596990

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

IBM Corporation Affected

Notified: September 23, 2013 Updated: November 04, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
Temporal 3.4 E:POC/RL:OF/RC:C
Environmental 0.8 CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Mukhammed Khalilov of Help AG Middle East for reporting this vulnerability.

This document was written by Adam Rauf.

Other Information

CVE IDs: CVE-2013-5431
Date Public: 2013-10-28 Date First Published:

Related

cvelist 1
ibm 1
cve 1
prion 1
nvd 1
cvelist
cvelist
CVE-2013-5431
2013-11-01 01:00:00
ibm
ibm
Security Bulletin: Tivoli Federated Identity Manager and Tivoli Federated Identity Manager Business Gateway redirect to an insufficiently validated URL (CVE-2013-5431)
2022-09-25 22:39:39
cve
cve
CVE-2013-5431
2013-11-01 02:55:04
prion
prion
Open redirect
2013-11-01 02:55:00
nvd
nvd
CVE-2013-5431
2013-11-01 02:55:04

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON
Related for VU:596990
cvelist1ibm1cve1prion1nvd1