Lucene search

PRIOn knowledge basePRION:CVE-2010-4120

HistoryOct 28, 2010 - 9:00 p.m.

Cross site scripting

2010-10-2821:00:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.

CPENameOperatorVersion
tivoli_access_manager_for_e-businesseq6.1.1
tivoli_access_manager_for_e-businesseq6.1.0

CPE	Name	Operator	Version
	tivoli_access_manager_for_e-business	eq	6.1.1
	tivoli_access_manager_for_e-business	eq	6.1.0

References

osvdb.org/68884

osvdb.org/68885

osvdb.org/68886

osvdb.org/68887

osvdb.org/68888

osvdb.org/68889

osvdb.org/68890

osvdb.org/68891

osvdb.org/68892

osvdb.org/68893

osvdb.org/68894

secunia.com/advisories/41974

securitytracker.com/id?1024633

www-01.ibm.com/support/docview.wss?uid=swg1IZ84918

www.securityfocus.com/bid/44382

www.vupen.com/english/advisories/2010/2774

exchange.xforce.ibmcloud.com/vulnerabilities/62750