Cross site scripting

2017-05-2220:29:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.1%

JSON

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732.

CPENameOperatorVersion
tivoli_federated_identity_managereq6.2.2.6
tivoli_federated_identity_managereq6.2.2.7
tivoli_federated_identity_managereq6.2.2.16
tivoli_federated_identity_managereq6.2.0.2
tivoli_federated_identity_managereq6.2.2.4
tivoli_federated_identity_managereq6.2.0
tivoli_federated_identity_managereq6.2.0.16
tivoli_federated_identity_managereq6.2.2.14
tivoli_federated_identity_managereq6.2.0.11
tivoli_federated_identity_managereq6.2.2.13

Name	Operator	Version
tivoli_federated_identity_manager	eq	6.2.2.6
tivoli_federated_identity_manager	eq	6.2.2.7
tivoli_federated_identity_manager	eq	6.2.2.16
tivoli_federated_identity_manager	eq	6.2.0.2
tivoli_federated_identity_manager	eq	6.2.2.4
tivoli_federated_identity_manager	eq	6.2.0
tivoli_federated_identity_manager	eq	6.2.0.16
tivoli_federated_identity_manager	eq	6.2.2.14
tivoli_federated_identity_manager	eq	6.2.0.11
tivoli_federated_identity_manager	eq	6.2.2.13