Security Bulletin: IBM Tivoli Identity Manager and IBM Security Identity Manager can be affected by a Cross Site Request Forgery Vulnerability (CVE-2014-0961)
Summary: IBM Tivoli Identity Manager and IBM Security Identity Manager are affected by a Cross Site Request Forgery vulnerability. Vulnerability Details: CVEID: CVE-2014-0961. DESCRIPTION: IBM Tivoli Identity Manager and IBM Security Identity Manager are vulnerable to cross-site request forgery. An...
CVE-2014-0961
CVE-2014-0961 affects IBM Tivoli Identity Manager (ITIM) 5.0 (before 5.0.0.15), ITIM 5.1 (before 5.1.0.15), and IBM Security Identity Manager (ISIM) 6.0 (before 6.0.0.2). The root issue is a Cross-Site Request Forgery (CSRF) vulnerability that enables remote authenticated users to hijack the auth...
CVE-2009-3262
IBM Tivoli Identity Manager (ITIM) 5.0.0.5 Self Service UI (SSUI) is affected by a Cross-site scripting (XSS) vulnerability: remote authenticated users can inject arbitrary script/HTML via the last name field in a profile due to insufficient input filtering. Impact is XSS within authenticated ses...
CVE-2009-2583
CVE-2009-2583 describes multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6. The issue allows remote attackers to hijack web sessions via unspecified vectors involving the console and self service interfaces. The description does not specify the exact exploit...
CVE-2009-2316
CVE-2009-2316 affects IBM Tivoli Identity Manager (ITIM) 5.0. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in the self-service UI and the console interface; note that 4...
CVE-2006-6607
The CVE-2006-6607 vulnerability affects WebSphere Application Server (WAS) used with IBM Tivoli Identity Manager (ITIM) 4.6. The JKS password is exposed via a -Djavax.net.ssl.trustStorePassword command line argument, enabling local users to read the password by inspecting the process or similar m...