History: Jun 16, 2018 - 9:59 p.m.

Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a cross-site scripting vulnerability (CVE-2017-1320)

2018-06-16 21:59:26
www.ibm.com
EPSS: 0.001
Percentile: 19.0%

Summary

IBM Tivoli Federated Identity Manager is affected by a cross-site scripting vulnerability.

Vulnerability Details

CVEID: CVE-2017-1320
DESCRIPTION: IBM Tivoli Federated Identity Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125732 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Tivoli Federated Identity Manager 6.2.2
IBM Tivoli Federated Identity Manager 6.2.1
IBM Tivoli Federated Identity Manager 6.2.0

Remediation/Fixes

IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.

Product | VRMF | APAR | Remediation
IBM Tivoli Federated Identity Manager | 6.2.2 | IV95729 | Apply fixpack 6.2.2-TIV-TFIM-FP0017.
IBM Tivoli Federated Identity Manager | 6.2.1 | N/A | Customers will need to upgrade to Tivoli Federated Identity Manager 6.2.2.17.
IBM Tivoli Federated Identity Manager | 6.2.0 | N/A | Customers will need to upgrade to Tivoli Federated Identity Manager 6.2.2.17.

Workarounds and Mitigations

None
