3 results (0.013 seconds)

CVSS: 5.4EPSS: 0%CPEs: 40EXPL: 0

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732. Tivoli Federated Identity Manager versión 6.2 de IMB, es vulnerable a un problema de tipo cross-site-scripting. Esta vulnerabilidad permite a los usuarios insertar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista que puede conllevar a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg22002877 http://www.securitytracker.com/id/1038505 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token. La funcionalidad de Acceso Basado en el Riesgo de IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 antes de FP9 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 antes de FP9 no impide la reutilización de One Time Password (OTP) tokens, lo que hace más fácil para los usuarios remotos autenticados para completar las transacciones mediante el aprovechamiento de acceso a un símbolo usado ya. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV52624 http://www-01.ibm.com/support/docview.wss?uid=swg21660509 http://www-01.ibm.com/support/docview.wss?uid=swg21660510 https://exchange.xforce.ibmcloud.com/vulnerabilities/87561 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 antes de v6.2.0.12, v6.2.1 antes de v6.2.1.5, y v6.2.2 antes de v6.2.2.4 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.2.0 antes de v6.2.0.12 y v6.2.1 antes de v6.2.1.5 permite a atacantes remotos inyectar HTML o secuencias de comandos weba través de una URL debidamente modificada que dispara una respuesta SAML v2.0 • http://www-01.ibm.com/support/docview.wss?uid=swg1IV26033 http://www-01.ibm.com/support/docview.wss?uid=swg1IV26034 http://www-01.ibm.com/support/docview.wss?uid=swg1IV31640 http://www-01.ibm.com/support/docview.wss?uid=swg21635688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •