Lucene search

[email protected]CVE-2013-0582

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2013-0582

2022-10-0316:15:03

CWE-79

[email protected]

web.nvd.nist.gov

ibm

tfim

xss vulnerability

remote attackers

web script

html

crafted url

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response.

Affected configurations

NVD

Node

ibmtivoli_federated_identity_managerMatch6.2.0

ibmtivoli_federated_identity_managerMatch6.2.0.1

ibmtivoli_federated_identity_managerMatch6.2.0.2

ibmtivoli_federated_identity_managerMatch6.2.0.3

ibmtivoli_federated_identity_managerMatch6.2.0.8

ibmtivoli_federated_identity_managerMatch6.2.0.9

ibmtivoli_federated_identity_managerMatch6.2.0.10

ibmtivoli_federated_identity_managerMatch6.2.0.11

Node

ibmtivoli_federated_identity_managerMatch6.2.1

ibmtivoli_federated_identity_managerMatch6.2.1.1

ibmtivoli_federated_identity_managerMatch6.2.1.2

ibmtivoli_federated_identity_managerMatch6.2.1.3

ibmtivoli_federated_identity_managerMatch6.2.1.4

Node

ibmtivoli_federated_identity_managerMatch6.2.2

ibmtivoli_federated_identity_managerMatch6.2.2.2

ibmtivoli_federated_identity_managerMatch6.2.2.3

Node

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.0

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.0.1

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.0.2

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.0.3

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.0.8

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.0.9

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.0.10

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.0.11

Node

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.1

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.1.3

ibmtivoli_federated_identity_manager_business_gatewayMatch6.2.1.4

CPENameOperatorVersion
ibm:tivoli_federated_identity_manageribm tivoli federated identity managereq6.2.0
ibm:tivoli_federated_identity_manageribm tivoli federated identity managereq6.2.0.1
ibm:tivoli_federated_identity_manageribm tivoli federated identity managereq6.2.0.2
ibm:tivoli_federated_identity_manageribm tivoli federated identity managereq6.2.0.3
ibm:tivoli_federated_identity_manageribm tivoli federated identity managereq6.2.0.8
ibm:tivoli_federated_identity_manageribm tivoli federated identity managereq6.2.0.9
ibm:tivoli_federated_identity_manageribm tivoli federated identity managereq6.2.0.10
ibm:tivoli_federated_identity_manageribm tivoli federated identity managereq6.2.0.11

CPE	Name	Operator	Version
ibm:tivoli_federated_identity_manager	ibm tivoli federated identity manager	eq	6.2.0
ibm:tivoli_federated_identity_manager	ibm tivoli federated identity manager	eq	6.2.0.1
ibm:tivoli_federated_identity_manager	ibm tivoli federated identity manager	eq	6.2.0.2
ibm:tivoli_federated_identity_manager	ibm tivoli federated identity manager	eq	6.2.0.3
ibm:tivoli_federated_identity_manager	ibm tivoli federated identity manager	eq	6.2.0.8
ibm:tivoli_federated_identity_manager	ibm tivoli federated identity manager	eq	6.2.0.9
ibm:tivoli_federated_identity_manager	ibm tivoli federated identity manager	eq	6.2.0.10
ibm:tivoli_federated_identity_manager	ibm tivoli federated identity manager	eq	6.2.0.11

References

www-01.ibm.com/support/docview.wss?uid=swg1IV26033

www-01.ibm.com/support/docview.wss?uid=swg1IV26034

www-01.ibm.com/support/docview.wss?uid=swg1IV31640

www-01.ibm.com/support/docview.wss?uid=swg21635688

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

Related for CVE-2013-0582

nvd1 cvelist1 prion1