Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12374
HistorySep 22, 2009 - 12:00 a.m.

IBM Tivoli Identity Manager SSUI跨站脚本漏洞

2009-09-2200:00:00
Root
www.seebug.org
13

0.001 Low

EPSS

Percentile

34.3%

JSON

CVE ID: CVE-2009-3262

IBM Tivoli Identity Manager提供一个安全、自动化且基于策略的解决方案,帮助有效地管理IT环境中用户帐号、访问权限和密码的创建到终止的整个过程。

Tivoli Identity Manager的Self Service UI(SSUI)没有正确地过滤用户所提交的请求,通过认证的远程攻击者可以通过配置文件的last name字段执行跨站脚本攻击,导致注入并执行任意脚本或HTML代码。

IBM Tivoli Identity Manager 5.0
厂商补丁:

IBM

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www-01.ibm.com/support/docview.wss?uid=swg1IZ54747

Related

prion 1
cvelist 1
nvd 1
cve 1
prion
prion
Cross site scripting
2009-09-18 21:30:00
cvelist
cvelist
CVE-2009-3262
2022-10-03 16:23:53
nvd
nvd
CVE-2009-3262
2009-09-18 21:30:01
cve
cve
CVE-2009-3262
2022-10-03 16:23:53

0.001 Low

EPSS

Percentile

34.3%

JSON
Related for SSV:12374
prion1cvelist1nvd1cve1