Cross site scripting

2015-07-0414:59:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for Mobile and other products, allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to the (1) ERROR_DESCRIPTION and (2) TOKEN:RelayState macros.

CPENameOperatorVersion
tivoli_federated_identity_managereq6.2.0
tivoli_federated_identity_managereq6.2.2
tivoli_federated_identity_managereq6.2.1

Name	Operator	Version
tivoli_federated_identity_manager	eq	6.2.0
tivoli_federated_identity_manager	eq	6.2.2
tivoli_federated_identity_manager	eq	6.2.1

References

www-01.ibm.com/support/docview.wss?uid=swg1IV74198

www-01.ibm.com/support/docview.wss?uid=swg1IV74199

www-01.ibm.com/support/docview.wss?uid=swg1IV74200

www-01.ibm.com/support/docview.wss?uid=swg21959071

www.securityfocus.com/bid/75537

www.securitytracker.com/id/1032767