Cross site scripting

2013-05-0218:55:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response.

CPENameOperatorVersion
tivoli_federated_identity_managereq6.2.0.2
tivoli_federated_identity_managereq6.2.0
tivoli_federated_identity_managereq6.2.0.11
tivoli_federated_identity_managereq6.2.0.9
tivoli_federated_identity_managereq6.2.0.1
tivoli_federated_identity_managereq6.2.0.3
tivoli_federated_identity_managereq6.2.0.8
tivoli_federated_identity_managereq6.2.0.10
tivoli_federated_identity_managereq6.2.1.3
tivoli_federated_identity_managereq6.2.1.2

Name	Operator	Version
tivoli_federated_identity_manager	eq	6.2.0.2
tivoli_federated_identity_manager	eq	6.2.0
tivoli_federated_identity_manager	eq	6.2.0.11
tivoli_federated_identity_manager	eq	6.2.0.9
tivoli_federated_identity_manager	eq	6.2.0.1
tivoli_federated_identity_manager	eq	6.2.0.3
tivoli_federated_identity_manager	eq	6.2.0.8
tivoli_federated_identity_manager	eq	6.2.0.10
tivoli_federated_identity_manager	eq	6.2.1.3
tivoli_federated_identity_manager	eq	6.2.1.2

Rows per page:

1-10 of 271

References

www-01.ibm.com/support/docview.wss?uid=swg1IV26033

www-01.ibm.com/support/docview.wss?uid=swg1IV26034

www-01.ibm.com/support/docview.wss?uid=swg1IV31640

www-01.ibm.com/support/docview.wss?uid=swg21635688