Page 2 of 22 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0-TIV-TFIM-IF0015, 6.2.1 before 6.2.1-TIV-TFIM-IF0007, and 6.2.2 before 6.2.2-TIV-TFIM-IF0011 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 anterior a 6.2.0-TIV-TFIM-IF0015, 6.2.1 anterior a 6.2.1-TIV-TFIM-IF0007, y 6.2.2 anterior a 6.2.2-TIV-TFIM-IF0011 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV64324 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64325 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64349 http://www-01.ibm.com/support/docview.wss?uid=swg1IV64376 http://www-01.ibm.com/support/docview.wss? •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token. La funcionalidad de Acceso Basado en el Riesgo de IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 antes de FP9 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 antes de FP9 no impide la reutilización de One Time Password (OTP) tokens, lo que hace más fácil para los usuarios remotos autenticados para completar las transacciones mediante el aprovechamiento de acceso a un símbolo usado ya. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV52624 http://www-01.ibm.com/support/docview.wss?uid=swg21660509 http://www-01.ibm.com/support/docview.wss?uid=swg21660510 https://exchange.xforce.ibmcloud.com/vulnerabilities/87561 • CWE-287: Improper Authentication •

CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0

Open redirect vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 before IF 15, 6.2.0 before IF 14, 6.2.1, and 6.2.2 before IF 8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerablilidad de redirección abierta en en IBM Tivoli Federated Identity Manager (TFIM) 6.1.1 anterior a IF 15, 6.2.0 anterior a IF 14, 6.2.1 y 6.2.2 anterior a IF 8 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1 anterior a IF 15, 6.2.0 anterior a IF 14, 6.2.1 y 6.2.2 antes de IF 8 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV50639 http://www-01.ibm.com/support/docview.wss?uid=swg21654114 http://www.kb.cert.org/vuls/id/596990 https://exchange.xforce.ibmcloud.com/vulnerabilities/87616 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.12 and 6.2.1 before 6.2.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a SAML 2.0 response. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 antes de v6.2.0.12, v6.2.1 antes de v6.2.1.5, y v6.2.2 antes de v6.2.2.4 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.2.0 antes de v6.2.0.12 y v6.2.1 antes de v6.2.1.5 permite a atacantes remotos inyectar HTML o secuencias de comandos weba través de una URL debidamente modificada que dispara una respuesta SAML v2.0 • http://www-01.ibm.com/support/docview.wss?uid=swg1IV26033 http://www-01.ibm.com/support/docview.wss?uid=swg1IV26034 http://www-01.ibm.com/support/docview.wss?uid=swg1IV31640 http://www-01.ibm.com/support/docview.wss?uid=swg21635688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes. IBM Tivoli Federated Identity Manager (TFIM) v6.2.0 antes de v6.2.0.11, v6.2.1 antes de v6.2.1.3 y v6.2.2 antes de v6.2.2.2 y Tivoli Federated Identity Manager Business Gateway (TFIMBG) v6.2.0 antes de v6.2.0.11, v6.2.1 antes de v6.2.1.3 y v6.2.2 antes de v6.2.2.2 no comprueban si un atributo OpenID está firmado en el (1) SREG (extensión registro simple) y (2) casos de extensión AX (también conocido como extensión de intercambio de atributos), que permite a atacantes de man-in-the-middle, falsificar los datos del proveedor de OpenID mediante la inserción de atributos no firmados. • http://secunia.com/advisories/51212 http://www-01.ibm.com/support/docview.wss?uid=swg1IV23451 http://www-01.ibm.com/support/docview.wss?uid=swg1IV23452 http://www-01.ibm.com/support/docview.wss?uid=swg1IV23453 http://www-01.ibm.com/support/docview.wss?uid=swg21615744 http://www-01.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •